This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
- From: DJ Delorie <dj at redhat dot com>
- To: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>
- Cc: libc-alpha at sourceware dot org, scarybeasts at gmail dot com, fweimer at redhat dot com
- Date: Mon, 23 Oct 2017 17:16:29 -0400
- Subject: Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
Moritz Eckert <m.eckert@cs.ucsb.edu> writes:
> I only placed the check before backward unlinks,

Ah, ok.

>> I wonder if we should add a "size_is_sane()" macro to check for
>> unreasonable sizes before we use them to compute pointers.

> That sounds like a good idea to me. Would you prefer a separate macro
> for prev_size and size that only gets the current chunk as a parameter or
> a single macro that gets a parameter saying what to check for?

I don't know, I was just wondering if there were some other way to
determine that a size has been corrupted other than consistency checks.