[CRIU] [PATCH 0/3] IPC: Fix potential buffer overflow and zeroify heap data
Cyrill Gorcunov
gorcunov at openvz.org
Tue Sep 3 17:37:29 EDT 2013
We write IPC data in aligned chunks, so zeroify xmalloc'ed tails.
In ipc_sem_handler allocate enough space to read image data,
otherwise we can overwrite some heap data which doesn't belong
to us (unlikely to happen with libc, since it allocates heap data
in chunks internally, but anyway).
Cyrill Gorcunov (3):
ipc: Don't access data out of allocated slab
ipc: Zeroify data tail in dump_ipc_msg_queue_messages
ipc: Zeroify data tail in dump_ipc_sem_set
ipc_ns.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
--
1.8.1.4
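The two defects the cover letter describes, as an added example that is not CRIU's code: padding bytes of an xmalloc'ed buffer leaking into the image when the aligned tail is not zeroed, and a restore-side buffer sized for the payload rather than the aligned on-disk record. The 8-byte alignment, the 0xAA "stale heap" fill, the payload bytes and the names simulate_dump, restore_padded and restore_into are assumptions for illustration, not CRIU's image format or API.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Image records are written in 8-byte aligned chunks (assumed alignment,
 * not CRIU's actual on-disk layout). */
#define IMG_ALIGN 8
#define ALIGN_UP(x, a) (((x) + (a) - 1) & ~((size_t)(a) - 1))

static size_t align_up(size_t x) { return ALIGN_UP(x, IMG_ALIGN); }

/* Dump side. Allocate an aligned buffer for `payload` bytes of data, copy the
 * data in, and "write" the whole aligned buffer. Without zero_tail the padding
 * bytes are whatever the allocator left behind (0xAA here stands in for stale
 * heap contents). Returns the number of non-zero padding bytes that would end
 * up in the image, i.e. the size of the leak. */
static size_t simulate_dump(size_t payload, int zero_tail)
{
    size_t aligned = align_up(payload);
    uint8_t *buf = malloc(aligned);
    size_t leaked = 0, i;

    if (!buf)
        return 0;
    memset(buf, 0xAA, aligned);       /* constructed: pretend the heap is dirty */
    memset(buf, 0x11, payload);       /* constructed: the real IPC payload */
    if (zero_tail)
        memset(buf + payload, 0, aligned - payload); /* the fix: zeroify the tail */

    for (i = payload; i < aligned; i++)
        if (buf[i] != 0)
            leaked++;
    free(buf);
    return leaked;
}

/* Restore side. The record on disk is align_up(payload) bytes long, so the
 * destination must hold that many bytes, not just `payload`. Returns 0 on
 * success, -1 if the destination is too small or the image is truncated. */
static int restore_padded(void *dst, size_t dst_cap,
                          const uint8_t *img, size_t img_len, size_t payload)
{
    size_t aligned = align_up(payload);

    if (aligned > dst_cap)
        return -1;      /* would overwrite heap data that does not belong to us */
    if (aligned > img_len)
        return -1;      /* truncated image */
    memcpy(dst, img, aligned);
    return 0;
}

/* Helper: build a constructed image record for `payload` bytes and try to
 * restore it into a buffer of `alloc` bytes. Returns restore_padded's result. */
static int restore_into(size_t alloc, size_t payload)
{
    size_t aligned = align_up(payload);
    uint8_t *img = calloc(aligned, 1);
    uint8_t *dst = malloc(alloc ? alloc : 1);
    int rc;

    if (!img || !dst) {
        free(img);
        free(dst);
        return -1;
    }
    memset(img, 0x11, payload);       /* constructed payload bytes */
    rc = restore_padded(dst, alloc, img, aligned, payload);
    free(img);
    free(dst);
    return rc;
}

int main(void)
{
    printf("13-byte payload, tail not zeroed: %zu padding bytes leak\n",
           simulate_dump(13, 0));
    printf("13-byte payload, tail zeroed:     %zu padding bytes leak\n",
           simulate_dump(13, 1));
    printf("restore 13 bytes into 13-byte buffer: %d (refused)\n",
           restore_into(13, 13));
    printf("restore 13 bytes into 16-byte buffer: %d (ok)\n",
           restore_into(16, 13));
    return 0;
}
```

The dump-side leak is small (at most IMG_ALIGN - 1 bytes per record) but it is attacker-readable heap content written into a checkpoint image, which is exactly why the tail is zeroed rather than left to the allocator; the restore-side check is the one that turns a silent heap overwrite into a refused restore.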