This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
- From: DJ Delorie <dj at redhat dot com>
- To: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>
- Cc: fweimer at redhat dot com, libc-alpha at sourceware dot org, scarybeasts at gmail dot com
- Date: Tue, 14 Nov 2017 19:06:26 -0500
- Subject: Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
- Authentication-results: sourceware.org; auth=none
Moritz Eckert <m.eckert@cs.ucsb.edu> writes:
>> But as of now, regarding my proposed patch, it would prevent the
>> Poison-Null-Byte attack immediately and with no performance impact,
>> which seems like a good solution until the heap protector is ready.
I'm OK with the original patch that moves the size check outside the
unlink() macro, at least. Wait for a second +1, then it should be OK to
apply.