Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 20 Jul 2011 04:28:58 +0400
From: Solar Designer <solar@...nwall.com>
To: musl@...ts.openwall.com
Subject: cluts memcpy() test

Luka, Rich -

It'd be nice for cluts to detect issues like this:

http://www.nodefense.org/eglibc.txt

Maybe it already does?

"... an attacker controllable length value is used to calculate the jump
table pointer index in the optimized copy function. Setting the length
value to a negative number will cause a jmp instruction to be skipped
due to an signedness vulnerbility, resulting in attacker supplied value
being used to calculate the location of a jump table function, resulting
in malicious code execution."

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.