Interesting new class of bugs I need to write about and report: select requires pointers to objects of type fd_set, but some programs including OpenSSH pass it a pointer to malloc'd memory sized only for nfds, not sizeof(fd_set).
No, it's just a conformance bug that could trap or crash with heap corruption depending on POSIX implementation choices, not depending on attacker-controlled conditions.
However, trying to be compatible with their hack precludes hardening of select against UB/overflows, so that could be seen as a security impact.
Thanks. See, this (among other reasons) is why I follow you.
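The sizing problem described in the first post, as an added example that is not part of the original thread and is not OpenSSH's code: it compares a buffer sized only for nfds with one that is never smaller than sizeof(fd_set), then calls select on the conforming one. The function names and WORD_BITS are hypothetical, and the long-word bitmap layout is an assumption about the libc.

```c
#include <limits.h>
#include <stdlib.h>
#include <sys/select.h>
#include <unistd.h>

/* Assumption: fd_set is a bitmap of long-sized words, as on common libcs. */
#define WORD_BITS (sizeof(long) * CHAR_BIT)

/* The pattern from the post: bytes sized only for nfds descriptors. */
size_t bytes_for_nfds(int nfds)
{
    return ((size_t)nfds + WORD_BITS - 1) / WORD_BITS * sizeof(long);
}

/* Conforming size: never smaller than the fd_set object select() takes. */
size_t conforming_bytes(int nfds)
{
    size_t need = bytes_for_nfds(nfds);
    return need < sizeof(fd_set) ? sizeof(fd_set) : need;
}

/* Check one descriptor for readability without blocking.
 * Descriptors >= FD_SETSIZE are outside what fd_set is defined for;
 * a caller needing them should use poll() instead. */
int readable_now(int fd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    fd_set *rs = calloc(1, conforming_bytes(fd + 1));
    if (rs == NULL)
        return -1;
    FD_SET(fd, rs);
    struct timeval tv = {0, 0};
    int r = select(fd + 1, rs, NULL, NULL, &tv);
    free(rs);
    return r;
}

/* Constructed input: a pipe with one byte already written to it. */
int demo(void)
{
    int p[2];
    if (pipe(p) != 0) return -1;
    if (write(p[1], "x", 1) != 1) return -1;
    int r = readable_now(p[0]);
    close(p[0]); close(p[1]);
    return r;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```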