Date: Sat, 16 Sep 2023 16:58:45 +0200 From: jvoisin <julien.voisin@...tri.org> To: musl@...ts.openwall.com Subject: Re: [PATCH v2] Add a safe dequeue integrity check for mallocng On 16/09/2023 09:08, James Raphael Tiovalen wrote: > This commit adds an integrity check to allow for safer dequeuing of the > out-of-band meta structs in mallocng. If the unlikely condition is true > due to some sort of heap metadata corruption, we abort. Since asserts aren't present in production code, I don't think that this change is useful. > This approach is similar to the safe unlinking check performed by glibc. The metadata in musl's heap implementation are stored out-of-bound. Should an attacker be able to locate and modify them, it's already game over. Adding a `m->prev->next == m && m->next->prev == m` would only impede attackers if they only have an arbitrary read and a one-shot arbitrary write that can only overwrite one `meta` instead. This seems pretty contrived (as in "unlikely) to me. Do you have any particular scenario in mind? 1. https://git.musl-libc.org/cgit/musl/tree/include/assert.h
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.