[CRIU] [PATCH 0/3] IPC: Fix potential buffer overflow and zeroify heap data

Pavel Emelyanov xemul at parallels.com
Sat Sep 14 06:56:35 EDT 2013


On 09/04/2013 01:37 AM, Cyrill Gorcunov wrote:
> We write IPC data in aligned chunks, so zeroify the xmalloc'ed tails.
> In ipc_sem_handler, allocate enough space to read image data;
> otherwise we can overwrite some heap data which doesn't belong
> to us (hardly likely to happen with libc, since it allocates heap data
> in chunks internally, but anyway).
> 
> Cyrill Gorcunov (3):
>   ipc: Don't access data out of allocated slab
>   ipc: Zeroify data tail in dump_ipc_msg_queue_messages
>   ipc: Zeroify data tail in dump_ipc_sem_set
> 
>  ipc_ns.c | 17 ++++++++++++-----
>  1 file changed, 12 insertions(+), 5 deletions(-)
> 


applied
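
The two defects the cover letter names (a record buffer sized to the payload while the writer emits a rounded-up length, and a correctly sized buffer whose tail is never written and so carries stale heap bytes into the image) can be shown in isolation. The following is an added example, not CRIU code and not the patches above; every name in it (arena_alloc, write_aligned_record, dump_record_*) is hypothetical, the 8-byte chunk size is an assumption, and the 'S'-filled arena stands in for stale heap contents. The writer takes the allocated size alongside the payload length so it can refuse an under-sized buffer instead of reading past it; the "fixed" dumper allocates the rounded size and zeroes it before filling, which is the xzalloc-style pattern the patches apply.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ALIGN 8u   /* assumed chunk size of the image writer */

/* Round n up to a multiple of a (a must be a power of two). */
static size_t round_up(size_t n, size_t a) { return (n + a - 1) & ~(a - 1); }

/* Bump allocator over a static arena pre-filled with 'S' to stand in for
 * stale heap data left by an earlier user. Unlike libc malloc it hands out
 * exactly the requested size and does not round chunks up internally,
 * which is why the under-allocation defect rarely shows up with libc. */
static unsigned char arena[512];
static size_t arena_used;

static void arena_reset(void) { memset(arena, 'S', sizeof arena); arena_used = 0; }

static void *arena_alloc(size_t n)
{
    if (n > sizeof arena - arena_used)
        return NULL;
    void *p = arena + arena_used;
    arena_used += n;
    return p;
}

/* The image being dumped to: a flat byte buffer. */
struct image { unsigned char buf[128]; size_t len; };

/* Append one record as a whole number of ALIGN-byte chunks. The caller passes
 * the payload length and the size it actually allocated, so the writer can
 * refuse rather than read bytes [payload_len, aligned) past the chunk. */
static int write_aligned_record(struct image *img, const void *rec,
                                size_t payload_len, size_t alloc_len)
{
    size_t aligned = round_up(payload_len, ALIGN);
    if (aligned > alloc_len)
        return -1;                       /* would read past the allocation */
    if (aligned > sizeof img->buf - img->len)
        return -2;                       /* image buffer full */
    memcpy(img->buf + img->len, rec, aligned);
    img->len += aligned;
    return 0;
}

/* Defect 1: buffer sized to the payload only, writer emits round_up(n). */
static int dump_record_under_alloc(struct image *img, const void *payload, size_t n)
{
    unsigned char *rec = arena_alloc(n);
    if (!rec)
        return -3;
    memcpy(rec, payload, n);
    return write_aligned_record(img, rec, n, n);
}

/* Defect 2: buffer big enough, but bytes [n, aligned) are never written,
 * so whatever the memory held before lands in the image. */
static int dump_record_unzeroed(struct image *img, const void *payload, size_t n)
{
    size_t alloc = round_up(n, ALIGN);
    unsigned char *rec = arena_alloc(alloc);
    if (!rec)
        return -3;
    memcpy(rec, payload, n);             /* tail left uninitialised */
    return write_aligned_record(img, rec, n, alloc);
}

/* Fixed: allocate the rounded size and zero it before filling. */
static int dump_record_fixed(struct image *img, const void *payload, size_t n)
{
    size_t alloc = round_up(n, ALIGN);
    unsigned char *rec = arena_alloc(alloc);
    if (!rec)
        return -3;
    memset(rec, 0, alloc);
    memcpy(rec, payload, n);
    return write_aligned_record(img, rec, n, alloc);
}

/* Run one dumper over a constructed 5-byte payload on a fresh arena and
 * image. Returns -1 if the dump was refused, otherwise how many stale ('S')
 * bytes reached the image after the payload. */
static long leaked_tail_bytes(int (*dump)(struct image *, const void *, size_t))
{
    static const unsigned char payload[5] = { 1, 2, 3, 4, 5 }; /* constructed */
    struct image img = { .len = 0 };
    long stale = 0;

    arena_reset();
    if (dump(&img, payload, sizeof payload) != 0)
        return -1;
    for (size_t i = sizeof payload; i < img.len; i++)
        if (img.buf[i] == 'S')
            stale++;
    return stale;
}

int main(void)
{
    printf("under-allocated: %ld (refused: would read past allocation)\n",
           leaked_tail_bytes(dump_record_under_alloc));
    printf("unzeroed tail:   %ld stale bytes leaked into image\n",
           leaked_tail_bytes(dump_record_unzeroed));
    printf("fixed:           %ld stale bytes leaked into image\n",
           leaked_tail_bytes(dump_record_fixed));
    return 0;
}
```

With a 5-byte payload and 8-byte chunks the unzeroed dumper leaks three arena bytes into the image, the fixed dumper leaks none, and the under-allocated dumper is refused by the writer's size check. Real dump code rarely has such a check, which is the point of the first patch: the allocation itself has to be large enough for what the writer will read.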

