This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks

From: DJ Delorie <dj at redhat dot com>
To: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>
Cc: libc-alpha at sourceware dot org, scarybeasts at gmail dot com, fweimer at redhat dot com
Date: Thu, 26 Oct 2017 23:27:26 -0400
Subject: Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
Authentication-results: sourceware.org; auth=none
Authentication-results: ext-mx09.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-results: ext-mx09.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=dj at redhat dot com
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 87BFD4E90A

Sorry, I'm not getting my idea across.  Let me try again.

I'm thinking, something that tests a size *before* we consider it in the
context of a chunk, such as this one:

  https://www.sourceware.org/ml/libc-alpha/2017-10/msg01202.html

One might also consider certain combinations of the three low order
bits, like setting both the A (arena) and M (mmap'd) bits at the same
time.

Even if we had such a test, though, we'd still need to carefully
consider all the places we'd use it - comparing possible utility vs
performance degredation.

But please don't consider this a requirement for any pending patches, I
was just thinking out loud ;-)

Follow-Ups:
- Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
  - From: Moritz Eckert

References:
- Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
  - From: Moritz Eckert

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]