This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks



Sorry, I'm not getting my idea across.  Let me try again.

I'm thinking, something that tests a size *before* we consider it in the
context of a chunk, such as this one:

   https://www.sourceware.org/ml/libc-alpha/2017-10/msg01202.html

One might also consider certain combinations of the three low order
bits, like setting both the A (arena) and M (mmap'd) bits at the same
time.

Even if we had such a test, though, we'd still need to carefully
consider all the places we'd use it - comparing possible utility vs
performance degredation.



Ah I see. That's a good check btw:-)


> But please don't consider this a requirement for any pending patches, I
> was just thinking out loud ;-)
>

So for my current patch idea, would you prefer it with or without a macro and keeping the check inside unlink or not?


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]