This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
- From: DJ Delorie <dj at redhat dot com>
- To: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>
- Cc: libc-alpha at sourceware dot org, scarybeasts at gmail dot com, fweimer at redhat dot com
- Date: Thu, 26 Oct 2017 23:27:26 -0400
Sorry, I'm not getting my idea across. Let me try again.

I'm thinking, something that tests a size *before* we consider it in the
context of a chunk, such as this one:
https://www.sourceware.org/ml/libc-alpha/2017-10/msg01202.html

One might also consider certain combinations of the three low order
bits, like setting both the A (arena) and M (mmap'd) bits at the same
time.

Even if we had such a test, though, we'd still need to carefully
consider all the places we'd use it - comparing possible utility vs
performance degradation.

But please don't consider this a requirement for any pending patches, I
was just thinking out loud ;-)
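
The kind of context-free size test discussed in this message, as an added example (not code from the message, the linked post, or glibc): it judges a raw size field on its own, including the A+M flag combination. The helper name, the `limit` parameter and the x86-64 alignment and minimum-size constants are assumptions, and the sample values are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Flag bits kept in the three low-order bits of a chunk's size field
   (values as defined in glibc's malloc/malloc.c). */
#define PREV_INUSE      0x1  /* P */
#define IS_MMAPPED      0x2  /* M */
#define NON_MAIN_ARENA  0x4  /* A */
#define SIZE_BITS       (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)

/* Assumption: typical x86-64 chunk alignment and minimum chunk size. */
#define EX_ALIGNMENT  16
#define EX_MINSIZE    32

enum size_verdict { SIZE_OK, SIZE_BAD_FLAGS, SIZE_TOO_SMALL,
                    SIZE_MISALIGNED, SIZE_TOO_LARGE };

/* Hypothetical helper: judge a raw size field before it is used to
   locate a neighbouring chunk.  `limit` is an upper bound on chunk
   size chosen by the caller. */
static enum size_verdict
check_raw_size (size_t raw, size_t limit)
{
  size_t sz = raw & ~(size_t) SIZE_BITS;

  /* The combination the message mentions: mmap'd chunks do not
     belong to an arena, so M and A together are implausible. */
  if ((raw & IS_MMAPPED) && (raw & NON_MAIN_ARENA))
    return SIZE_BAD_FLAGS;
  if (sz < EX_MINSIZE)
    return SIZE_TOO_SMALL;
  if (sz & (EX_ALIGNMENT - 1))
    return SIZE_MISALIGNED;
  if (sz > limit)
    return SIZE_TOO_LARGE;
  return SIZE_OK;
}

int main (void)
{
  /* Constructed sample size fields, not taken from a real heap. */
  size_t samples[] = { 0x111, 0x100, 0x96, 0x18, 0x108, (size_t) -16 };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
    printf ("%#zx -> %d\n", samples[i],
            (int) check_raw_size (samples[i], (size_t) 1 << 30));
  return 0;
}
```

A value such as 0x100 passes because it is well-formed in isolation; a test of this kind sees only the field itself, not the chunks around it.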