This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
- From: DJ Delorie <dj at redhat dot com>
- To: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>
- Cc: libc-alpha at sourceware dot org, scarybeasts at gmail dot com, fweimer at redhat dot com
- Date: Mon, 23 Oct 2017 16:41:37 -0400
- Subject: Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
I'm OK with the patch in theory, but...
unlink() is called from seven places; you have patched two. Are the
other five open to this bug? Perhaps it would be better to add another
parameter to the unlink() macro to centralize this check and enforce it
everywhere?
I wonder if we should add a "size_is_sane()" macro to check for
unreasonable sizes before we use them to compute pointers.
Also, your mailer is corrupting your patch; I had to apply it by hand to
review it. It's wrapping lines and using 0xa0 spaces instead of 0x20.
Attaching it as inline text might help, instead of just pasting it into
the body.
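To make the two suggestions above concrete, here is an added, stand-alone illustration in C. It is not glibc code, not the patch under review, and not DJ's or Moritz's code: it models a simplified free chunk (prev_size, size with flag bits, fd/bk) and a single centralized `unlink_chunk()` that runs every check in one place, plus a hypothetical `size_is_sane()` that rejects undersized, oversized and misaligned sizes before they are used to compute a pointer. The specific consistency check shown (a chunk's size against the prev_size stored at the chunk that size points to, together with the usual fd/bk back-pointer check) is this example's assumption about what such a centralized check could contain; the page itself does not spell out the patch's check. The heap layout, the bin sentinel, the 0x110/0x100 sizes and the "clear the low byte of size" corruption are all constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy chunk header, loosely modeled on a glibc-style layout (simplified,
   not the real struct malloc_chunk). Low 3 bits of size are flag bits. */
typedef struct chunk {
    size_t prev_size;
    size_t size;
    struct chunk *fd;
    struct chunk *bk;
} chunk_t;

#define SIZE_BITS      ((size_t)0x7)
#define MIN_CHUNK_SIZE (sizeof(chunk_t))
#define chunksize(p)   ((p)->size & ~SIZE_BITS)
#define next_chunk(p)  ((chunk_t *)((char *)(p) + chunksize(p)))
#define prev_size(p)   ((p)->prev_size)

enum unlink_status {
    UNLINK_OK,
    ERR_SIZE_INSANE,        /* size_is_sane() rejected the size */
    ERR_SIZE_VS_PREV_SIZE,  /* size disagrees with next chunk's prev_size */
    ERR_CORRUPTED_LIST      /* fd->bk / bk->fd do not point back at P */
};

/* Hypothetical size_is_sane(): a size must be at least one chunk header,
   no larger than the arena it lives in, and properly aligned. Checking this
   before next_chunk() keeps a corrupted size from computing a wild pointer. */
static int size_is_sane(size_t sz, size_t heap_limit)
{
    return sz >= MIN_CHUNK_SIZE && sz <= heap_limit && (sz & SIZE_BITS) == 0;
}

/* One unlink for every caller: all checks live here, so no call site can
   forget one. Returns a status instead of aborting so the caller can see
   which check fired. */
static enum unlink_status unlink_chunk(chunk_t *p, size_t heap_limit)
{
    size_t sz = chunksize(p);
    if (!size_is_sane(sz, heap_limit))
        return ERR_SIZE_INSANE;
    if (sz != prev_size(next_chunk(p)))
        return ERR_SIZE_VS_PREV_SIZE;
    chunk_t *fd = p->fd, *bk = p->bk;
    if (fd->bk != p || bk->fd != p)
        return ERR_CORRUPTED_LIST;
    fd->bk = bk;
    bk->fd = fd;
    return UNLINK_OK;
}

/* Constructed scenario: free chunk A (0x110 bytes, on a one-entry bin) at
   heap+0, in-use chunk B right after it. Optionally corrupt A the way a
   single NUL byte written past the end of the preceding allocation would on
   a little-endian layout (low byte of size cleared: 0x111 -> 0x100), or
   corrupt A's bk pointer. Then try to unlink A and report what happened. */
static enum unlink_status run_scenario(int corrupt_size, int corrupt_links)
{
    static _Alignas(16) unsigned char heap[4096];
    static chunk_t bin;                 /* list head / sentinel */
    memset(heap, 0, sizeof heap);

    chunk_t *a = (chunk_t *)heap;
    a->prev_size = 0;
    a->size = 0x110 | 1;                /* flag bit set, like PREV_INUSE */
    chunk_t *b = next_chunk(a);
    b->prev_size = 0x110;               /* honest layout: matches A's size */
    b->size = 0x100;

    bin.fd = a; bin.bk = a;
    a->fd = &bin; a->bk = &bin;

    if (corrupt_size)
        a->size &= ~(size_t)0xff;       /* NUL-byte overwrite of the low byte */
    if (corrupt_links)
        a->bk = (chunk_t *)(heap + 0x800); /* attacker-chosen pointer */

    return unlink_chunk(a, sizeof heap);
}

int main(void)
{
    static const char *names[] = { "ok", "size insane",
                                   "size vs prev_size", "corrupted list" };
    printf("honest layout:     %s\n", names[run_scenario(0, 0)]);
    printf("low byte of size:  %s\n", names[run_scenario(1, 0)]);
    printf("bogus bk pointer:  %s\n", names[run_scenario(0, 1)]);
    printf("size 0x%zx sane: %d\n", ~(size_t)0xf, size_is_sane(~(size_t)0xf, 4096));
    return 0;
}
```

With the size's low byte cleared, `next_chunk(a)` lands at heap+0x100, inside A's own body, where the constructed prev_size is 0 rather than 0x100, so the centralized check rejects the unlink before any pointer is written; the bogus bk is caught by the back-pointer check. Whether a check of this shape is sufficient against an attacker who also controls the bytes at the shrunken next_chunk location is a separate question the example does not answer; it only shows how putting the checks in one unlink routine ensures every call site gets them.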