This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks



>>> I wonder if we should add a "size_is_sane()" macro to check for
>>> unreasonable sizes before we use them to compute pointers.

>> That sounds like a good idea to me. Would you prefer a separate macro
>> for prev_size and size that only gets the current chunk as a parameter or
>> a single macro that gets a parameter saying what to check for?

> I don't know, I was just wondering if there were some other way to
> determine that a size has been corrupted other than consistency checks.

Oh I see. I thought you meant a "size_is_sane()" macro, for doing
consistency checks whenever using size or prev_size to calculate a chunk
pointer.

Unfortunately, this would also have a problem with "forward" calculations,
since the prev_size is only set for free chunks and therefore can't always
be verified. Nevertheless, such a macro could make my patch look cleaner,
since there is only one central spot for the check.
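
The kind of central consistency check discussed in this message, as an added example that is not part of the patch, the thread or glibc. The header layout, the names (hdr, prev_size_check, demo) and the sample arena are assumptions constructed for illustration; the third verdict models the case where prev_size is not set and so cannot be verified.

```c
#include <stddef.h>
#include <string.h>

#define PREV_INUSE ((size_t)0x1)   /* low bit of size: previous chunk is in use */
#define FLAG_BITS  ((size_t)0x7)   /* low bits of size reserved for flags */

/* Toy header modelled on the fields named in the thread; not glibc's struct. */
struct hdr { size_t prev_size; size_t size; };

enum verdict { SANE, CORRUPT, UNVERIFIABLE };

static struct hdr read_hdr(const unsigned char *arena, size_t off)
{
    struct hdr h;
    memcpy(&h, arena + off, sizeof h);   /* avoids aliasing/alignment issues */
    return h;
}

/* Hypothetical central check, run before prev_size is used to step back
   from the chunk at offset `off` to its predecessor. */
enum verdict prev_size_check(const unsigned char *arena, size_t len, size_t off)
{
    if (off > len || len - off < sizeof(struct hdr))
        return CORRUPT;                  /* header itself is out of bounds */
    struct hdr cur = read_hdr(arena, off);
    if (cur.size & PREV_INUSE)
        return UNVERIFIABLE;             /* prev_size is not maintained here */
    if (cur.prev_size < sizeof(struct hdr) || cur.prev_size > off)
        return CORRUPT;                  /* would point outside the arena */
    struct hdr prev = read_hdr(arena, off - cur.prev_size);
    return (prev.size & ~FLAG_BITS) == cur.prev_size ? SANE : CORRUPT;
}

/* Constructed sample: chunk A (0x40 bytes) at offset 0, chunk B at offset
   0x40 carrying the given prev_size and size fields. */
enum verdict demo(size_t b_prev_size, size_t b_size)
{
    unsigned char arena[0x80] = {0};
    struct hdr a = { 0, 0x40 | PREV_INUSE };
    struct hdr b = { b_prev_size, b_size };
    memcpy(arena, &a, sizeof a);
    memcpy(arena + 0x40, &b, sizeof b);
    return prev_size_check(arena, sizeof arena, 0x40);
}

int main(void)
{
    return demo(0x40, 0x40) == SANE && demo(0x20, 0x40) == CORRUPT ? 0 : 1;
}
```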

