This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
- From: Chris Evans <scarybeasts at gmail dot com>
- To: DJ Delorie <dj at redhat dot com>
- Cc: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>, libc-alpha at sourceware dot org, Florian Weimer <fweimer at redhat dot com>
- Date: Fri, 27 Oct 2017 11:45:58 -0700
- Subject: Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
- Authentication-results: sourceware.org; auth=none
- References: <email@example.com> <firstname.lastname@example.org>
Thanks so much for looking into this. I haven't had time to analyze the patch, but it is surely better than my original bungled attempt. Thanks for adding a more correct defense here!
On Thu, Oct 26, 2017 at 8:49 PM, DJ Delorie <email@example.com>
Moritz Eckert <firstname.lastname@example.org> writes:
> So for my current patch idea, would you prefer it with or without a
> macro and keeping the check inside unlink or not?
I think your original patch is OK as is, I'm just waiting to give
Florian a chance to offer a second opinion. IIRC he's on vacation this