[CRIU] [PATCH 0/3] IPC: Fix potential buffer overflow and zeroify heap data
Pavel Emelyanov
xemul at parallels.com
Sat Sep 14 06:56:35 EDT 2013
On 09/04/2013 01:37 AM, Cyrill Gorcunov wrote:
> We write IPC data by aligned chunks, so zeroify xmalloc'ed tails.
> In ipc_sem_handler allocate enough space to read image data,
> otherwise we can overwrite some heap data which doesn't belong
> to us (hardly likely to happen with libc, since it allocates heap data
> in chunks internally, but anyway).
>
> Cyrill Gorcunov (3):
> ipc: Don't access data out of allocated slab
> ipc: Zeroify data tail in dump_ipc_msg_queue_messages
> ipc: Zeroify data tail in dump_ipc_sem_set
>
> ipc_ns.c | 17 ++++++++++++-----
> 1 file changed, 12 insertions(+), 5 deletions(-)
>
applied
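The allocate-enough-then-zero-the-tail pattern the cover letter describes, as an added C example that is not CRIU's code: the ALIGN value, the ROUND_UP macro and the function names are assumptions for illustration, and the payload in the comments is constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Image data is written in chunks rounded up to ALIGN bytes (assumed value). */
#define ALIGN 8
#define ROUND_UP(n, a) (((n) + (a) - 1) & ~((size_t)(a) - 1))

/* Size of the heap buffer that must back an aligned write of `len` bytes.
 * Allocating only `len` and then writing ROUND_UP(len, ALIGN) bytes reads
 * (or writes) past the slab, which is the defect the series fixes. */
size_t aligned_alloc_size(size_t len)
{
    return ROUND_UP(len, ALIGN);
}

/* Hardened variant: allocate the rounded-up size, copy the payload and
 * zero the tail so stale heap bytes never reach the image. Caller frees. */
char *pack_aligned(const char *payload, size_t len, size_t *out_size)
{
    size_t size = aligned_alloc_size(len);
    char *buf = malloc(size ? size : 1);
    if (!buf)
        return NULL;
    memcpy(buf, payload, len);
    memset(buf + len, 0, size - len);   /* zeroify the tail */
    *out_size = size;
    return buf;
}

/* Check helper: are bytes [from, to) of buf all zero? */
int tail_is_zero(const char *buf, size_t from, size_t to)
{
    for (size_t i = from; i < to; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}
```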