This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks

From: DJ Delorie <dj at redhat dot com>
To: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>
Cc: libc-alpha at sourceware dot org, scarybeasts at gmail dot com, fweimer at redhat dot com
Date: Mon, 23 Oct 2017 17:16:29 -0400
Subject: Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
Authentication-results: sourceware.org; auth=none
Authentication-results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=dj at redhat dot com
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com EBE57356E4

Moritz Eckert <m.eckert@cs.ucsb.edu> writes:
> I only placed the check before backward unlinks,

Ah, ok.

>> I wonder if we should add a "size_is_sane()" macro to check for
>> unreasonable sizes before we use them to compute pointers.
> That sounds like a good idea to me. Would you prefer a separate macro
> for prev_size and size that only gets the current chunk as a parameter or
> a single macro that gets a parameter what to check for?

I don't know, I was just wondering if there were some other way to
determine that a size has been corrupted other than consistency checks.

Follow-Ups:
- Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
  - From: Moritz Eckert
- Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
  - From: Moritz Eckert

References:
- Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
  - From: Moritz Eckert

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]