Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 37763 - Sanity check the forward and backward chunk pointers in the unlink() macro
Summary: Sanity check the forward and backward chunk pointers in the unlink() macro
Status: RESOLVED DUPLICATE of bug 38630
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] GCC Porting (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Please assign to toolchain
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-01-09 22:01 UTC by solar (RETIRED)
Modified: 2005-07-17 13:06 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
glibc-2.3.3_pre20031222.ebuild.diff (glibc-2.3.3_pre20031222.ebuild.diff,1.31 KB, patch)
2004-01-09 22:03 UTC, solar (RETIRED) 		Details | Diff
glibc-2.3.3-owl-malloc-unlink-sanity-check.diff (glibc-2.3.3-owl-malloc-unlink-sanity-check.diff,1.39 KB, patch)
2004-01-09 22:04 UTC, solar (RETIRED) 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description solar (RETIRED) gentoo-dev 2004-01-09 22:01:33 UTC 
Sanity check the forward and backward chunk pointers in the unlink() macro used by Doug Lea's implementation of malloc(3). If the pointers are determined to have been overwritten, the process will be forced to terminate thereby reducing the impact of a common class of attacks on memory overwrite vulnerabilities present in various applications. Credit for the idea for this countermeasure is due to Stefan Esser.
Comment 1 solar (RETIRED) gentoo-dev 2004-01-09 22:03:32 UTC 
Created attachment 23529 [details, diff]
glibc-2.3.3_pre20031222.ebuild.diff
Comment 2 solar (RETIRED) gentoo-dev 2004-01-09 22:04:12 UTC 
Created attachment 23530 [details, diff]
glibc-2.3.3-owl-malloc-unlink-sanity-check.diff
Comment 3 solar (RETIRED) gentoo-dev 2004-01-21 13:20:24 UTC 
hrmm aparently I've opened this bug twice.


*** This bug has been marked as a duplicate of 38630 ***