This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks

From: Florian Weimer <fweimer at redhat dot com>
To: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>, DJ Delorie <dj at redhat dot com>
Cc: libc-alpha at sourceware dot org, scarybeasts at gmail dot com
Date: Thu, 16 Aug 2018 17:02:09 +0200
Subject: Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
References: <xn4lqp4laq.fsf@greed.delorie.com> <82d1760e-ef0f-9f0f-57be-3848f2b8d0ad@cs.ucsb.edu> <692369cd-e44d-e8b4-4dd2-95d188113658@redhat.com> <6a8f115d-41bd-114c-0a92-e543ef9ac8de@cs.ucsb.edu> <1103164033.27274244.1509731042658.JavaMail.zimbra@redhat.com> <451a7502-0209-c2c7-da92-f7c747425808@redhat.com> <d15d20fd-4283-a256-df5d-c0782a21decf@cs.ucsb.edu>

On 11/03/2017 10:56 PM, Moritz Eckert wrote:

Alternately, a simple XOR with a magic number means a set-to-zerowould un-XOR to a horribly wrong new "size". Even a fixed magicnumber would increase hackability significantly, although aper-process one would be better (and more expensive to do at runtime,unfortunately).
See my old heap protector patches. You could probably swap in bswapin place of the encryption, and it will just work.
Where do I find those patches?


I posted them here:

  https://sourceware.org/ml/libc-alpha/2016-10/msg00531.html

There probably has been some code drift, so the patch won't apply as-is.

Florian

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]