| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Jan 2024 18:44:02 -0500 From: Brennan Xavier McManus <bxmcmanus@...il.com> To: Willy Tarreau <w@....eu> Cc: Thomas Weißschuh <linux@...ssschuh.net>, Ammar Faizi <ammarfaizi2@...weeb.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: [PATCH] tools/nolibc/stdlib: fix memory error in realloc() Pass user_p_len to memcpy() instead of heap->len to prevent realloc() from copying an extra sizeof(heap) bytes from beyond the allocated region. Signed-off-by: Brennan Xavier McManus <bxmcmanus@...il.com> --- All tests from Ammar's original test program pass: https://gist.github.com/ammarfaizi2/db0af6aa0b95a0c7478bce64e349f021 This fix was tested with the following added test for realloc(): https://github.com/brennan913/nolibc-test/blob/main/nolibc_test.c#L73-L120 tools/include/nolibc/stdlib.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/include/nolibc/stdlib.h b/tools/include/nolibc/stdlib.h index bacfd35c5156..5be9d3c7435a 100644 --- a/tools/include/nolibc/stdlib.h +++ b/tools/include/nolibc/stdlib.h @@ -185,7 +185,7 @@ void *realloc(void *old_ptr, size_t new_size) if (__builtin_expect(!ret, 0)) return NULL; - memcpy(ret, heap->user_p, heap->len); + memcpy(ret, heap->user_p, user_p_len); munmap(heap, heap->len); return ret; } -- 2.39.2
Powered by blists - more mailing lists