| Summary: | stack guard should lead with zero byte to gain protections from str* writes | | |
|---|---|---|---|
| Product: | glibc | Reporter: | Kees Cook <kees> |
| Component: | libc | Assignee: | Ulrich Drepper <drepper.fsp> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | glibc-bugs |
| Priority: | P2 | Flags: | fweimer: security- |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Host: | | Target: | |
| Build: | | Last reconfirmed: | |
| Attachments: | keep leading zero | | |
Description
Kees Cook
2009-05-12 18:05:34 UTC
Created attachment 3933
keep leading zero
I should clarify -- the read-blocking is nice, but the more common reason the leading zero is important is to avoid the guard being written as part of a larger overflow being written out by a str* function, if its value were leaked to an attacker in some other way. I've applied a cleaner and more efficient patch.
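
The effect described in the comment above, as an added example that is not part of the bug report or the glibc patch: a simulated frame (a byte array laid out as buffer, guard, saved data) receives an `strcpy` of a payload that embeds the already-known guard. The layout, the guard bytes and the function name are constructed for illustration. With a guard that has no zero byte the copy rewrites the guard with its own value and continues past it, so the check passes over modified data; with a zero in the guard's first byte the copy ends there and nothing beyond the guard is written.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN   16
#define GUARD_LEN 8
#define FRAME_LEN (BUF_LEN + GUARD_LEN + 8)   /* buffer | guard | saved data */

/* Constructed guard bytes in memory order; not a real glibc value. */
static const unsigned char RAW_GUARD[GUARD_LEN] =
    {0x5a, 0x91, 0x3c, 0xe7, 0x48, 0xb2, 0x6d, 0xf5};

/*
 * Simulate a str* overflow by someone who already knows the guard.
 * Returns 1 if data beyond the guard was changed while the guard still
 * matches (overflow undetected), 0 otherwise.
 */
int overflow_goes_undetected(int lead_zero)
{
    unsigned char frame[FRAME_LEN], guard[GUARD_LEN];
    char payload[FRAME_LEN];

    memcpy(guard, RAW_GUARD, GUARD_LEN);
    if (lead_zero)
        guard[0] = 0x00;                 /* lowest-address byte of the guard */

    memset(frame, 0xAA, FRAME_LEN);      /* 0xAA marks untouched bytes */
    memcpy(frame + BUF_LEN, guard, GUARD_LEN);

    /* Payload: filler, the leaked guard, then 7 bytes aimed past it. */
    memset(payload, 'A', BUF_LEN);
    memcpy(payload + BUF_LEN, guard, GUARD_LEN);
    memset(payload + BUF_LEN + GUARD_LEN, 'B', 7);
    payload[FRAME_LEN - 1] = '\0';

    /* Copies up to and including the first NUL; always fits in frame. */
    strcpy((char *)frame, payload);

    int guard_ok = memcmp(frame + BUF_LEN, guard, GUARD_LEN) == 0;
    int saved_changed = frame[BUF_LEN + GUARD_LEN] != 0xAA;
    return guard_ok && saved_changed;
}

int main(void)
{
    printf("plain guard:        undetected=%d\n", overflow_goes_undetected(0));
    printf("leading-zero guard: undetected=%d\n", overflow_goes_undetected(1));
    return 0;
}
```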