]> git.ipfire.org Git - thirdparty/glibc.git/commit
projects / thirdparty / glibc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1680350) | patch
malloc: Verify size of top chunk.
authorPochang Chen <johnchen902@gmail.com>
Thu, 16 Aug 2018 19:24:24 +0000 (15:24 -0400)
committerCarlos O'Donell <carlos@redhat.com>
Fri, 9 Nov 2018 15:16:35 +0000 (10:16 -0500)
commit510a25f2d208e3b0c86f54b053f61c5b647e4b9b
tree5e33ff399a69dd997831a1a6ad3870ff58d70b54tree
parent168035056eab9db4ee0e5d7f62060e111b86a0a4commit | diff
malloc: Verify size of top chunk.

The House of Force is a well-known technique to exploit heap
overflow. In essence, this exploit takes three steps:
1. Overwrite the size of top chunk with very large value (e.g. -1).
2. Request x bytes from top chunk. As the size of top chunk
   is corrupted, x can be arbitrarily large and top chunk will
   still be offset by x.
3. The next allocation from top chunk will thus be controllable.

If we verify the size of top chunk at step 2, we can stop such attack.

(cherry picked from commit 30a17d8c95fbfb15c52d1115803b63aaa73a285c)
ChangeLog diff | blob | blame | history
malloc/malloc.c diff | blob | blame | history
A mirror of the official glibc repository