This is sources Bugzilla
Bugzilla Version 2.17.5
Bugzilla Bug 10149
  stack guard should lead with zero byte to gain protections from str* writes Last modified: 2009-05-14 21:49
Bug#: 10149   Reporter: Kees Cook <kees@outflux.net>
Status: NEW
Assigned To: Ulrich Drepper <drepper@redhat.com>

Attachment Description Type Created
leading-zero.patch keep leading zero patch 2009-05-12 18:05


Description:   Last confirmed: 0000-00-00 00:00 Opened: 2009-05-12 18:05
When building the stack guard, it has been traditionally important to have the
value start (in memory) with a zero byte to protect the guard value (and the
rest of the stack past it) from being read via strcpy, etc.

This patch reduces the number of random bytes by one, leaving the leading zero byte.

------- Additional Comment #1 From Kees Cook 2009-05-12 18:05 -------
Created an attachment (id=3933)
keep leading zero

------- Additional Comment #2 From Kees Cook 2009-05-14 21:48 -------
I should clarify -- the read-blocking is nice, but the more common reason the
leading zero is important is to avoid the guard being written as part of a
larger overflow being written out by a str* function, if its value were leaked
to an attacker in some other way.
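
The reasoning in the description and in comment #2, modelled in C as an added example (it is not part of the bug report or of the attached patch). It assumes a frame laid out as a plain byte array `[buf | guard | saved]`; the guard bytes are constructed sample values rather than random ones, and every name in it is hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum { BUF = 8, GUARD = 8, SAVED = 8, FRAME = BUF + GUARD + SAVED };

/* Constructed sample bytes standing in for the random guard value. */
static const unsigned char SAMPLE[GUARD] =
    { 0x5a, 0xc3, 0x91, 0x7e, 0x2d, 0xb8, 0x64, 0xf1 };

/* Modelled frame: [buf | guard | saved], lowest address first. */
static void make_frame(unsigned char *f, int leading_zero)
{
    memset(f, 'A', BUF);
    memcpy(f + BUF, SAMPLE, GUARD);
    if (leading_zero)
        f[BUF] = 0x00;               /* first guard byte in memory is NUL */
    memset(f + BUF + GUARD, 'S', SAVED - 1);
    f[FRAME - 1] = '\0';             /* keeps every str* call inside the array */
}

/* Bytes a str* read starting at buf would expose beyond buf itself. */
static size_t bytes_read_past_buf(int leading_zero)
{
    unsigned char f[FRAME];
    make_frame(f, leading_zero);
    return strlen((char *)f) - BUF;
}

/* Replays a known guard via strcpy(); 1 = saved area changed, guard intact. */
static int replay_goes_undetected(int leading_zero)
{
    unsigned char f[FRAME], before[FRAME], src[FRAME];
    make_frame(f, leading_zero);
    memcpy(before, f, FRAME);
    memset(src, 'B', BUF);
    memcpy(src + BUF, f + BUF, GUARD);       /* guard value known to the writer */
    memset(src + BUF + GUARD, 'X', SAVED - 1);
    src[FRAME - 1] = '\0';
    strcpy((char *)f, (char *)src);          /* stops at the first NUL in src */
    return memcmp(f + BUF, before + BUF, GUARD) == 0 &&
           memcmp(f + BUF + GUARD, before + BUF + GUARD, SAVED) != 0;
}

int main(void)
{
    for (int z = 0; z <= 1; z++)
        printf("leading_zero=%d read_past=%zu undetected=%d\n",
               z, bytes_read_past_buf(z), replay_goes_undetected(z));
}
```

With the leading zero, the string read ends at the guard's first byte and the copy terminates there too, so the bytes behind the guard are never reached by a str* function.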
