This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Possibly a bug in glibc around the getrandom(2) implementation.

From: Florian Weimer <fw at deneb dot enyo dot de>
To: Marcin Mielniczuk <marmistrz dot dev at zoho dot eu>
Cc: libc-help at sourceware dot org
Date: Fri, 14 Jul 2017 17:42:29 +0200
Subject: Re: Possibly a bug in glibc around the getrandom(2) implementation.
Authentication-results: sourceware.org; auth=none
References: <00dbbfa7-05ce-9d3f-d32b-e519c8c0dfc3@zoho.eu>

* Marcin Mielniczuk:

> The stack is being smashed, indeed!

|                   long ind = 0;
|                   while (ind < buflen) {
|                       ptrace(PTRACE_POKEDATA, pid, bufptr + ind, 0);
|                       ind += sizeof(long);
|                   }

This writes beyond the end of the buffer if buflen is not a multiple
of sizeof (long).

Follow-Ups:
- Re: Possibly a bug in glibc around the getrandom(2) implementation.
  - From: Jeffrey Walton

References:
- Possibly a bug in glibc around the getrandom(2) implementation.
  - From: Marcin Mielniczuk

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]