This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]

From: Rical Jasan <rj at 2c3t dot io>
To: "H.J. Lu" <hjl dot tools at gmail dot com>
Cc: Florian Weimer <fweimer at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
Date: Fri, 18 Jan 2019 19:23:05 -0800
Subject: Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
References: <20190117165351.25914-1-hjl.tools@gmail.com> <87bm4ep7df.fsf@oldenburg2.str.redhat.com> <CAMe9rOq0wYwkXB_po_3CqMu7T=vJxtxGkXsxUuq-L5mghEPQCw@mail.gmail.com> <87r2d9loy4.fsf@oldenburg2.str.redhat.com> <CAMe9rOq00c2-bgMqsinU88_Jfi8+-Fsirpy3MWS2UQgCcXFaWw@mail.gmail.com> <87pnstk98r.fsf@oldenburg2.str.redhat.com> <CAMe9rOpNGBH7BJxgjVpL1BTUvVY4OQ9U4Cuap3rRoUDtqjNb1g@mail.gmail.com> <87lg3hk8c2.fsf@oldenburg2.str.redhat.com> <CAMe9rOqUARg+zYPTodYXYJ0k0e4UJrK02QwS+_ZgoKse8N1Tuw@mail.gmail.com>

On 01/18/2019 12:47 PM, H.J. Lu wrote:
> Now it has:
> 
>   CVE-2019-6488: On x32, the size_t parameter may be passed in the lower
>   32 bits of a 64-bit register with with non-zero upper 32 bit.  When it
>   happened, the string/memory functions written in assembly would cause a
>   buffer overflow because the full 64-bit register was used as the 32-bit
>   size_t value.  Reported by H.J. Lu.

How about:

CVE-2019-6488: On x32, the size_t parameter may be passed in the lower
32 bits of a 64-bit register with non-zero upper 32 bits, causing a
buffer overflow in string and memory functions written in assembly when
the full 64-bit register was used as the 32-bit size_t value.

Rical

Follow-Ups:
- Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
  - From: Florian Weimer

References:
- [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
  - From: H.J. Lu
- Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
  - From: Florian Weimer
- Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
  - From: H.J. Lu
- Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
  - From: Florian Weimer
- Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
  - From: H.J. Lu
- Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
  - From: Florian Weimer
- Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
  - From: H.J. Lu
- Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
  - From: Florian Weimer
- Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
  - From: H.J. Lu

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]