This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
- From: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>
- To: DJ Delorie <dj at redhat dot com>
- Cc: fweimer at redhat dot com, libc-alpha at sourceware dot org, scarybeasts at gmail dot com
- Date: Sat, 6 Jan 2018 18:48:16 -0800
- Subject: Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
- Authentication-results: sourceware.org; auth=none
- References: <xnmv3oxv5p.fsf@greed.delorie.com>
Trying to ping again for this patch as well as where to find the patches
Florian mentioned.
Happy New Year:-)
On 11/14/2017 04:06 PM, DJ Delorie wrote:
> Moritz Eckert <m.eckert@cs.ucsb.edu> writes:
>>> But as of now, regarding my proposed patch, it would prevent the
>>> Poison-Null-Byte attack immediately and with no performance impact,
>>> which seems like a good solution until the heap protector is ready.
> I'm OK with the original patch that moves the size check outside the
> unlink() macro, at least. Wait for a second +1, then it should be OK to
> apply.