public inbox for glibc-bugs@sourceware.org
* [Bug malloc/17344] New: Enhance glibc metadata hardening with the attached patch
From: scarybeasts at gmail dot com @ 2014-09-03 1:31 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=17344
Bug ID: 17344
Summary: Enhance glibc metadata hardening with the attached patch
Product: glibc
Version: 2.21
Status: NEW
Severity: normal
Priority: P2
Component: malloc
Assignee: unassigned at sourceware dot org
Reporter: scarybeasts at gmail dot com
Created attachment 7769
--> https://sourceware.org/bugzilla/attachment.cgi?id=7769&action=edit
Check linked list integrity for the large sized chunk list too.
As a follow-on from my recent glibc exploit:
http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
I'd have really been slowed down, perhaps even stopped, if the existing
metadata hardening tricks were extended to one more place. I've attached a
patch. It checks doubly-linked list integrity on unlink in one more place: the
linked list for larger-sized chunks.
Please consider applying it. There was already an assert() for this check; this
patch simply elevates this from an assert() to a runtime check.
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Bug malloc/17344] Enhance glibc metadata hardening with the attached patch
From: fweimer at redhat dot com @ 2014-09-04 11:15 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=17344
Florian Weimer <fweimer at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|                            |security-
--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
This is hardening, although it is very desirable to have.
* [Bug malloc/17344] Enhance glibc metadata hardening with the attached patch
From: fweimer at redhat dot com @ 2014-09-10 8:23 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=17344
Florian Weimer <fweimer at redhat dot com> changed:
           What    |Removed                         |Added
----------------------------------------------------------------------------
           Assignee|unassigned at sourceware dot org |fweimer at redhat dot com
* [Bug malloc/17344] Enhance glibc metadata hardening with the attached patch
From: cvs-commit at gcc dot gnu.org @ 2014-09-11 9:02 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=17344
--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 52ffbdf25a1100986f4ae27bb0febbe5a722ab25 (commit)
from 984c0ea97f649c869130a1ff099098e2b6f70aad (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52ffbdf25a1100986f4ae27bb0febbe5a722ab25
commit 52ffbdf25a1100986f4ae27bb0febbe5a722ab25
Author: Florian Weimer <fweimer@redhat.com>
Date: Wed Sep 10 20:29:15 2014 +0200
malloc: additional unlink hardening for non-small bins [BZ #17344]
Turn two asserts into a conditional call to malloc_printerr. The
memory locations are accessed later anyway, so the performance
impact is minor.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 6 ++++++
NEWS | 2 +-
malloc/malloc.c | 6 ++++--
3 files changed, 11 insertions(+), 3 deletions(-)
^ permalink raw reply [flat|nested] 6+ messages in thread
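An added example, not part of the original messages and not glibc's code: a simplified C model of the check that the report and the commit message above describe, where unlink refuses to write if a neighbour on either list does not point back at the chunk. The `checked_unlink` helper, its return codes and the three-chunk ring are assumptions made for illustration; per the commit message, glibc reports the corruption through malloc_printerr rather than returning a code.

```c
#include <stdio.h>
/* Simplified model of a large-bin chunk (not glibc's layout): the bin list
   uses fd/bk, the size-ordered list uses fd_nextsize/bk_nextsize. */
struct chunk { struct chunk *fd, *bk, *fd_nextsize, *bk_nextsize; };
enum { UNLINK_OK, CORRUPT_BIN_LIST, CORRUPT_NEXTSIZE_LIST };

/* Hypothetical helper: unlink p only if its neighbours on both lists point
   back at p. Unlike assert(), the check is still present under NDEBUG. */
static int checked_unlink(struct chunk *p)
{
    struct chunk *fd = p->fd, *bk = p->bk;
    if (fd->bk != p || bk->fd != p)
        return CORRUPT_BIN_LIST;
    if (p->fd_nextsize != NULL
        && (p->fd_nextsize->bk_nextsize != p || p->bk_nextsize->fd_nextsize != p))
        return CORRUPT_NEXTSIZE_LIST;
    fd->bk = bk;
    bk->fd = fd;
    if (p->fd_nextsize != NULL) {
        p->fd_nextsize->bk_nextsize = p->bk_nextsize;
        p->bk_nextsize->fd_nextsize = p->fd_nextsize;
    }
    return UNLINK_OK;
}

int stray_written, middle_removed;   /* outcome of the last unlink_middle() */
/* Constructed sample: three chunks in a ring on both lists; optionally the
   middle chunk's nextsize pointers are redirected at an unrelated object. */
int unlink_middle(int corrupt_nextsize)
{
    struct chunk c[3], stray = {0};
    for (int i = 0; i < 3; i++) {
        c[i].fd = c[i].fd_nextsize = &c[(i + 1) % 3];
        c[i].bk = c[i].bk_nextsize = &c[(i + 2) % 3];
    }
    if (corrupt_nextsize)
        c[1].fd_nextsize = c[1].bk_nextsize = &stray;
    int rc = checked_unlink(&c[1]);
    stray_written = stray.fd_nextsize != NULL || stray.bk_nextsize != NULL;
    middle_removed = c[0].fd == &c[2] && c[2].bk == &c[0];
    return rc;
}

int main(void)
{
    int ok = unlink_middle(0), bad = unlink_middle(1);
    printf("intact rc=%d, corrupted rc=%d, stray written=%d\n", ok, bad, stray_written);
    return 0;
}
```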
* [Bug malloc/17344] Enhance glibc metadata hardening with the attached patch
From: fweimer at redhat dot com @ 2014-09-11 9:03 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=17344
Florian Weimer <fweimer at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
--- Comment #3 from Florian Weimer <fweimer at redhat dot com> ---
Fixed in 2.21.
* [Bug malloc/17344] Enhance glibc metadata hardening with the attached patch
From: cvs-commit at gcc dot gnu.org @ 2014-10-31 21:22 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=17344
--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The branch, master has been updated
via b09adb5b46327e4a2ea354d5524280146d9c6015 (commit)
from 94a42455257226361fedf37a0ad7fc1d9d131645 (commit)
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b09adb5b46327e4a2ea354d5524280146d9c6015
commit b09adb5b46327e4a2ea354d5524280146d9c6015
Author: Joseph Myers <joseph@codesourcery.com>
Date: Fri Oct 31 21:21:15 2014 +0000
Add bug 15215 to NEWS; move bug 17344 to correct version's list in NEWS.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)