From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/179 Path: news.gmane.org!not-for-mail From: Solar Designer Newsgroups: gmane.linux.lib.musl.general Subject: cluts memcpy() test Date: Wed, 20 Jul 2011 04:28:58 +0400 Message-ID: <20110720002858.GA29175@openwall.com> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: dough.gmane.org 1311121758 16893 80.91.229.12 (20 Jul 2011 00:29:18 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Wed, 20 Jul 2011 00:29:18 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-263-gllmg-musl=m.gmane.org@lists.openwall.com Wed Jul 20 02:29:14 2011 Return-path: Envelope-to: gllmg-musl@lo.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by lo.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1QjKf1-0004QB-OC for gllmg-musl@lo.gmane.org; Wed, 20 Jul 2011 02:29:11 +0200 Original-Received: (qmail 1834 invoked by uid 550); 20 Jul 2011 00:29:10 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 1798 invoked from network); 20 Jul 2011 00:29:06 -0000 Content-Disposition: inline User-Agent: Mutt/1.4.2.3i Xref: news.gmane.org gmane.linux.lib.musl.general:179 Archived-At: Luka, Rich - It'd be nice for cluts to detect issues like this: http://www.nodefense.org/eglibc.txt Maybe it already does? "... an attacker controllable length value is used to calculate the jump table pointer index in the optimized copy function. Setting the length value to a negative number will cause a jmp instruction to be skipped due to an signedness vulnerbility, resulting in attacker supplied value being used to calculate the location of a jump table function, resulting in malicious code execution." Alexander