malloc and buffer overflow attacks
Paolo Invernizzi
paolo.invernizzi at gmail.com
Tue Jan 4 09:29:49 UTC 2022
On Monday, 3 January 2022 at 21:00:38 UTC, forkit wrote:
> On Monday, 3 January 2022 at 12:58:33 UTC, Paolo Invernizzi
> wrote:
>>
>> In the vulnerability described in the article, the 'len'
>> parameter is the result of a sum overflowing in a previous for
>> loop, so the problem actually is _outside_ of the allocator.
>>
>
> That is not entirely correct, and could mislead one into
> implementing a less than optimal solution to the problem.
>
> The overflow and the allocator 'together' provide the attack
> surface.
I agree that the _surface_ is the couple, but the vulnerability
to patch is how the needed amount is calculated, and that can be
an arbitrarily complex piece of code. A super-duper-safe allocator
does not help here, if we are talking about a system language and
writing to memory via pointer arithmetic.
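
Added example, not part of the original message or of the code the article describes: a length summed in a loop wraps around before it ever reaches the allocator, and a checked sum rejects the input at the point of calculation. The `struct seg` type and all function names are hypothetical, and the sample values in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical input type: one segment of data to be concatenated. */
struct seg { const unsigned char *data; size_t len; };

/* Unchecked sum: wraps modulo SIZE_MAX + 1, so 'len' can end up tiny. */
size_t sum_unchecked(const struct seg *s, size_t n) {
    size_t len = 0;
    for (size_t i = 0; i < n; i++)
        len += s[i].len;
    return len;
}

/* Checked sum: 0 on success, -1 if the total does not fit in size_t. */
int sum_checked(const struct seg *s, size_t n, size_t *out) {
    size_t len = 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i].len > SIZE_MAX - len)
            return -1;              /* would overflow: reject the input */
        len += s[i].len;
    }
    *out = len;
    return 0;
}

/* Concatenate segments; never allocates from an overflowed length. */
unsigned char *concat(const struct seg *s, size_t n, size_t *out_len) {
    size_t len, off = 0;
    if (sum_checked(s, n, &len) != 0)
        return NULL;
    unsigned char *buf = malloc(len ? len : 1);
    if (!buf)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (s[i].len)
            memcpy(buf + off, s[i].data, s[i].len);
        off += s[i].len;
    }
    *out_len = len;
    return buf;
}

int main(void) {
    /* Constructed lengths only; the data is never read on this path. */
    struct seg bad[2] = { { NULL, SIZE_MAX }, { NULL, 2 } };
    size_t t;
    printf("unchecked=%zu checked=%d\n", sum_unchecked(bad, 2), sum_checked(bad, 2, &t));
    return 0;
}
```

The allocator would honour the wrapped size faithfully in the unchecked case; only the check in the summing loop prevents the later writes from running past the buffer.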