This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Possibly a bug in glibc around the getrandom(2) implementation.

From: Jeffrey Walton <noloader at gmail dot com>
To: Florian Weimer <fw at deneb dot enyo dot de>
Cc: libc-help at sourceware dot org
Date: Fri, 14 Jul 2017 11:47:41 -0400
Subject: Re: Possibly a bug in glibc around the getrandom(2) implementation.
Authentication-results: sourceware.org; auth=none
References: <00dbbfa7-05ce-9d3f-d32b-e519c8c0dfc3@zoho.eu> <87bmondnyy.fsf@mid.deneb.enyo.de>
Reply-to: noloader at gmail dot com

On Fri, Jul 14, 2017 at 11:42 AM, Florian Weimer <fw@deneb.enyo.de> wrote:
> * Marcin Mielniczuk:
>
>> The stack is being smashed, indeed!
>
> |                   long ind = 0;
> |                   while (ind < buflen) {
> |                       ptrace(PTRACE_POKEDATA, pid, bufptr + ind, 0);
> |                       ind += sizeof(long);
> |                   }
>
> This writes beyond the end of the buffer if buflen is not a multiple
> of sizeof (long).

Nice find based on the discussion.

References:
- Possibly a bug in glibc around the getrandom(2) implementation.
  - From: Marcin Mielniczuk
- Re: Possibly a bug in glibc around the getrandom(2) implementation.
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]