This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.
Re: Possibly a bug in glibc around the getrandom(2) implementation.
- From: Jeffrey Walton <noloader at gmail dot com>
- To: Florian Weimer <fw at deneb dot enyo dot de>
- Cc: libc-help at sourceware dot org
- Date: Fri, 14 Jul 2017 11:47:41 -0400
- Subject: Re: Possibly a bug in glibc around the getrandom(2) implementation.
- Authentication-results: sourceware.org; auth=none
- References: <00dbbfa7-05ce-9d3f-d32b-e519c8c0dfc3@zoho.eu> <87bmondnyy.fsf@mid.deneb.enyo.de>
- Reply-to: noloader at gmail dot com
On Fri, Jul 14, 2017 at 11:42 AM, Florian Weimer <fw@deneb.enyo.de> wrote:
> * Marcin Mielniczuk:
>
>> The stack is being smashed, indeed!
>
> | long ind = 0;
> | while (ind < buflen) {
> |   ptrace(PTRACE_POKEDATA, pid, bufptr + ind, 0);
> |   ind += sizeof(long);
> | }
>
> This writes beyond the end of the buffer if buflen is not a multiple
> of sizeof (long).
Nice find based on the discussion.
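The tail case the quoted loop gets wrong, as an added example that is not code from this thread or from glibc: the quoted loop beside a version that writes exactly buflen bytes, run against a constructed in-memory stand-in for tracee memory so the overrun is visible without a live ptrace session. The peek/poke function-pointer types, the sim_t region, and the offset 16 / length 13 are assumptions; the fixed loop generalises to any buflen.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Word-granular tracee access, abstracted so the logic runs without a live tracee;
   under ptrace these would wrap PTRACE_PEEKDATA and PTRACE_POKEDATA. */
typedef bool (*peek_fn)(void *ctx, uintptr_t addr, long *out);
typedef bool (*poke_fn)(void *ctx, uintptr_t addr, long word);

/* The loop quoted in the thread: it rounds buflen up to a whole number of words. */
static bool naive_zero(void *ctx, poke_fn poke, uintptr_t bufptr, size_t buflen)
{
    for (size_t ind = 0; ind < buflen; ind += sizeof(long))
        if (!poke(ctx, bufptr + ind, 0)) return false;
    return true;
}

/* Fixed loop: whole words only; the trailing partial word is peeked, its first
   buflen - ind bytes cleared, and the merged word written back. */
static bool exact_zero(void *ctx, peek_fn peek, poke_fn poke, uintptr_t bufptr, size_t buflen)
{
    size_t ind = 0;
    for (; ind + sizeof(long) <= buflen; ind += sizeof(long))
        if (!poke(ctx, bufptr + ind, 0)) return false;
    if (ind < buflen) {
        long word;
        if (!peek(ctx, bufptr + ind, &word)) return false;
        memset(&word, 0, buflen - ind);   /* the lowest-addressed bytes of the word */
        if (!poke(ctx, bufptr + ind, word)) return false;
    }
    return true;
}

/* Constructed stand-in for tracee memory: 32 bytes; a word access past the end fails. */
#define SIM_SIZE 32
typedef struct { unsigned char mem[SIM_SIZE]; } sim_t;
static bool sim_peek(void *c, uintptr_t a, long *o)
{ if (a + sizeof(long) > SIM_SIZE) return false; memcpy(o, ((sim_t *)c)->mem + a, sizeof(long)); return true; }
static bool sim_poke(void *c, uintptr_t a, long w)
{ if (a + sizeof(long) > SIM_SIZE) return false; memcpy(((sim_t *)c)->mem + a, &w, sizeof(long)); return true; }

/* Zero 13 bytes at offset 16 of a 0xAA-filled region; return how many of the 3 bytes
   after the buffer changed, -1 if the buffer was not zeroed, -2 if an access failed. */
static int bytes_clobbered(bool use_fix)
{
    sim_t s; memset(s.mem, 0xAA, SIM_SIZE);
    bool ok = use_fix ? exact_zero(&s, sim_peek, sim_poke, 16, 13) : naive_zero(&s, sim_poke, 16, 13);
    if (!ok) return -2;
    for (size_t i = 16; i < 29; i++) if (s.mem[i] != 0) return -1;
    int n = 0; for (size_t i = 29; i < SIM_SIZE; i++) n += (s.mem[i] != 0xAA);
    return n;
}
```

With a real tracee the partial-word peek still reads a full word, which is fine as long as that word lies inside a mapped page; the result is the same on 32- and 64-bit longs.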