This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks

From: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>
To: DJ Delorie <dj at redhat dot com>
Cc: fweimer at redhat dot com, libc-alpha at sourceware dot org, scarybeasts at gmail dot com
Date: Sat, 6 Jan 2018 18:48:16 -0800
Subject: Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
Authentication-results: sourceware.org; auth=none
References: <xnmv3oxv5p.fsf@greed.delorie.com>

Trying to ping again for this patch as well as where to find the patches
Florian mentioned.

Happy New Year:-)

On 11/14/2017 04:06 PM, DJ Delorie wrote:
> Moritz Eckert <m.eckert@cs.ucsb.edu> writes:
>>> But as of now, regarding my proposed patch, it would prevent the 
>>> Poison-Null-Byte attack immediately and with no performance impact, 
>>> which seems like a good solution until the heap protector is ready.
> I'm OK with the original patch that moves the size check outside the
> unlink() macro, at least.  Wait for a second +1, then it should be OK to
> apply.

Follow-Ups:
- Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
  - From: Moritz Eckert

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]