This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.
Re: Possibly a bug in glibc around the getrandom(2) implementation.
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: Marcin Mielniczuk <marmistrz dot dev at zoho dot eu>
- Cc: libc-help at sourceware dot org
- Date: Fri, 14 Jul 2017 17:42:29 +0200
- Subject: Re: Possibly a bug in glibc around the getrandom(2) implementation.
- Authentication-results: sourceware.org; auth=none
- References: <00dbbfa7-05ce-9d3f-d32b-e519c8c0dfc3@zoho.eu>
* Marcin Mielniczuk:
> The stack is being smashed, indeed!
| long ind = 0;
| while (ind < buflen) {
|   ptrace(PTRACE_POKEDATA, pid, bufptr + ind, 0);
|   ind += sizeof(long);
| }
This writes beyond the end of the buffer if buflen is not a multiple
of sizeof (long).
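The overrun comes from poking a full `long` on the last iteration; the loop can instead stop while a whole word still fits and finish the partial tail word with a read-modify-write so no byte past `buflen` is touched. The following is an added example, not code from this mail or from glibc: `zero_tracee_buffer`, the `peek_fn`/`poke_fn` callbacks, `sim_mem` and `demo_tail_is_preserved` are hypothetical names, and the callbacks stand in for PTRACE_PEEKDATA/PTRACE_POKEDATA so the logic runs against a local buffer without a tracee.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Word accessors shaped like PTRACE_PEEKDATA / PTRACE_POKEDATA, passed in so this
   runs on a local buffer; for a live tracee they would wrap ptrace(..., pid, addr, ...). */
typedef long (*peek_fn)(void *ctx, uintptr_t addr);
typedef int  (*poke_fn)(void *ctx, uintptr_t addr, long word);
/* Zero exactly [buf, buf + buflen) without writing past the end: whole words are poked
   directly, a trailing partial word is read-modify-written. Returns 0, or -1 if a poke fails. */
int zero_tracee_buffer(void *ctx, peek_fn peek, poke_fn poke,
                       uintptr_t buf, size_t buflen)
{
    size_t ind = 0;
    /* The quoted loop tested `ind < buflen`, so its final POKEDATA wrote a whole
       long even when fewer bytes remained. Only loop while a full word fits. */
    while (buflen - ind >= sizeof(long)) {
        if (poke(ctx, buf + ind, 0) != 0)
            return -1;
        ind += sizeof(long);
    }
    size_t tail = buflen - ind;            /* 0 .. sizeof(long)-1 bytes left */
    if (tail > 0) {
        long word = peek(ctx, buf + ind);  /* read the last word */
        unsigned char bytes[sizeof(long)];
        memcpy(bytes, &word, sizeof word); /* bytes[i] is the byte at buf+ind+i */
        memset(bytes, 0, tail);            /* clear in-range bytes, keep the rest */
        memcpy(&word, bytes, sizeof word);
        if (poke(ctx, buf + ind, word) != 0)
            return -1;
    }
    return 0;
}
/* Local stand-in for tracee memory (hypothetical), so this runs without ptrace. */
struct sim_mem { unsigned char mem[64]; };
static long sim_peek(void *c, uintptr_t a) { long w; memcpy(&w, ((struct sim_mem *)c)->mem + a, sizeof w); return w; }
static int  sim_poke(void *c, uintptr_t a, long w) { memcpy(((struct sim_mem *)c)->mem + a, &w, sizeof w); return 0; }
/* Zero a 13-byte buffer (not a multiple of sizeof(long)) inside 0xAA-filled memory;
   return 1 if those 13 bytes are zero and every byte after them is still 0xAA. */
int demo_tail_is_preserved(void)
{
    struct sim_mem s;
    memset(s.mem, 0xAA, sizeof s.mem);
    if (zero_tracee_buffer(&s, sim_peek, sim_poke, 0, 13) != 0)
        return 0;
    for (size_t i = 0; i < sizeof s.mem; i++)
        if (s.mem[i] != (i < 13 ? 0x00 : 0xAA))
            return 0;
    return 1;
}
```

With the original `ind < buflen` condition the same 13-byte case would have cleared bytes 13 through 15 as well, which is exactly the smashed stack seen in the report when the buffer lives there.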