[PATCH] Do not leave random talloc magic in free()'ed memory

Andrew Bartlett abartlet at samba.org
Thu Dec 21 07:13:55 UTC 2017


G'Day,

I've been thinking about ways that our talloc magic protection might be
avoided, and reading the magic from memory that has recently been
free()ed would be a good attack.

So this patch marks this memory with a fixed magic.  All valid use of
memory still uses the random magic.

This passed a full autobuild.

Please carefully review!  

On my re-look it might need to tweak talloc_chunk_from_ptr() a little
(when other flags could be set), but I would like other thoughts too!

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: talloc-magic-protection.patch
Type: text/x-patch
Size: 7351 bytes
Desc: 
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20171221/0e9d3b39/talloc-magic-protection.bin>
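
A minimal C model of the idea described in the message above, added here as an illustration: it is not talloc's code and not the attached patch. Every name, constant and the flag layout in it (`chunk_retire`, `MAGIC_NON_RANDOM`, `FLAG_MASK`, and so on) is an assumption made for the example.

```c
/* Simplified model of a magic-protected chunk header; NOT talloc's code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#define FLAG_FREE        0x1u
#define FLAG_MASK        0xFu          /* low bits carry flags, not magic */
#define MAGIC_NON_RANDOM 0xEA15FA70u   /* constructed fixed marker */

enum chunk_state { CHUNK_OK, CHUNK_USE_AFTER_FREE, CHUNK_BAD_MAGIC };
struct chunk { uint32_t flags; size_t size; };  /* header before user data */
static uint32_t random_magic;                   /* per-process secret */

static void magic_init(void) {
    srand((unsigned)time(NULL));  /* toy seed; real code needs a CSPRNG */
    do {
        random_magic = ((uint32_t)rand() << 4) & ~FLAG_MASK;
    } while (random_magic == 0 || random_magic == MAGIC_NON_RANDOM);
}

static void *chunk_alloc(size_t size) {
    struct chunk *c = malloc(sizeof(*c) + size);
    if (c == NULL) return NULL;
    c->flags = random_magic;      /* only live chunks carry the secret */
    c->size = size;
    return c + 1;
}

/* Accept a pointer only if its header holds the random magic, ignoring
 * other flag bits; the fixed marker identifies a retired chunk. */
static enum chunk_state chunk_check(const void *ptr) {
    const struct chunk *c = (const struct chunk *)ptr - 1;
    if ((c->flags & ~FLAG_MASK) == random_magic && !(c->flags & FLAG_FREE))
        return CHUNK_OK;
    if (c->flags == (MAGIC_NON_RANDOM | FLAG_FREE))
        return CHUNK_USE_AFTER_FREE;
    return CHUNK_BAD_MAGIC;
}

/* Overwrite the secret before the memory is handed back to free(). */
static void chunk_retire(void *ptr) {
    ((struct chunk *)ptr - 1)->flags = MAGIC_NON_RANDOM | FLAG_FREE;
}
static void chunk_release(void *ptr) { free((struct chunk *)ptr - 1); }

int main(void) {
    magic_init();
    void *p = chunk_alloc(16);
    if (p == NULL) return 1;
    printf("live=%d\n", chunk_check(p));
    chunk_retire(p);
    printf("retired=%d\n", chunk_check(p));
    chunk_release(p);
    return 0;
}
```

The header is inspected between `chunk_retire()` and `chunk_release()` so the demonstration never reads memory after `free()`.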

