He seems to think stack overflows are not always checked. https://twitter.com/ErrataRob/status/1193243682444578816
There's always a guard page and at least on most platforms there is a stack probe as well for large activation records. Alloca is forbidden so that avenue of exploitation is closed off. So this is unexploitable on x86 and is probably unexploitable elsewhere too.
I love how I have most of the people in that thread blocked
My brain hurts from just reading a few tweets, can't finish the thread.
I mean, the dude got Errata in his name…
When I wrote an mDNS parser in C, the biggest issue was all the pointer arithmetic for following the name compression, not really the size of the decompression buffer. Either way, Rust would’ve helped a ton, as verifying that thing was awful (ended up just throwing AFL at it)
Isn’t doing the decompression recursively also a bit naive? Mine was for embedded so not sure what other implementations are like. The size of the packet is bounded, but the pointers can go to arbitrary depth, so I did it iteratively and threw in guardrails for length and depth.
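As an added example (not code from anyone in this thread), here is an iterative DNS/mDNS name decompressor in C with the two guardrails the reply above describes: a cap on the accumulated wire length of the name and a cap on how many compression pointers are followed. The packet bytes are constructed for the demo, and the 16-hop limit and 255-byte name limit are my own choices (the latter matches the RFC 1035 name-length limit); the `SAMPLE_PKT` and `LOOP_PKT` names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME_WIRE_LEN 255   /* RFC 1035 limit on a name's wire-format length */
#define MAX_POINTER_HOPS  16    /* depth guardrail (assumed value) */

/*
 * Decode a (possibly compressed) DNS/mDNS name starting at byte `off` of `pkt`
 * into dotted form in `out`. Pointers are followed in a loop, never by
 * recursion, so a hostile packet cannot grow the C stack. Returns the number of
 * bytes the name occupies in the caller's record (to skip past it), or -1 if
 * the name is malformed.
 */
int dns_name_decode(const uint8_t *pkt, size_t pkt_len, size_t off,
                    char *out, size_t out_sz)
{
    size_t pos = off;        /* current read position in the packet */
    size_t consumed = 0;     /* bytes of the name in the caller's record */
    size_t wire_len = 0;     /* wire-format length accumulated so far */
    size_t written = 0;      /* chars written to out, excluding the NUL */
    int jumped = 0;          /* has a pointer been followed yet? */
    int hops = 0;            /* pointers followed so far */

    if (out_sz == 0) return -1;
    out[0] = '\0';

    for (;;) {
        if (pos >= pkt_len) return -1;                 /* ran off the packet */
        uint8_t len = pkt[pos];

        if ((len & 0xC0) == 0xC0) {                    /* 2-byte compression pointer */
            if (pos + 1 >= pkt_len) return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | pkt[pos + 1];
            if (++hops > MAX_POINTER_HOPS) return -1;  /* depth guardrail */
            if (target >= pos) return -1;              /* only backward pointers: no self/forward jumps */
            if (!jumped) { consumed = pos + 2 - off; jumped = 1; }
            pos = target;
            continue;
        }
        if (len & 0xC0) return -1;                     /* 0x40/0x80 label types are reserved */

        if (len == 0) {                                /* root label ends the name */
            if (!jumped) consumed = pos + 1 - off;
            if (++wire_len > MAX_NAME_WIRE_LEN) return -1;
            if (written == 0) {                        /* bare root name */
                if (out_sz < 2) return -1;
                out[0] = '.'; out[1] = '\0';
            }
            return (int)consumed;
        }

        /* ordinary label of `len` bytes */
        if (pos + 1 + len > pkt_len) return -1;        /* label runs past the packet */
        wire_len += 1 + len;
        if (wire_len > MAX_NAME_WIRE_LEN) return -1;   /* length guardrail: also breaks label/pointer cycles */
        if (written + (written ? 1 : 0) + len >= out_sz) return -1;  /* output buffer too small */
        if (written) out[written++] = '.';
        memcpy(out + written, pkt + pos + 1, len);
        written += len;
        out[written] = '\0';
        pos += 1 + len;
    }
}

/* Constructed sample packet (not captured traffic): three mDNS-style names that
 * share suffixes through pointers, followed by deliberately malformed pointers. */
static const uint8_t SAMPLE_PKT[] = {
    /* off 0  */ 5,'l','o','c','a','l', 0,
    /* off 7  */ 5,'_','h','t','t','p', 4,'_','t','c','p', 0xC0,0x00,  /* -> off 0 */
    /* off 20 */ 7,'p','r','i','n','t','e','r', 0xC0,0x07,             /* -> off 7 */
    /* off 30 */ 0xC0,0x1E,                                            /* points to itself */
    /* off 32 */ 0xC0,0x22,                                            /* forward, to off 34 */
    /* off 34 */ 0xC0,0x20                                             /* back to off 32: a pointer cycle */
};

/* Constructed packet where a backward pointer re-enters the label before it, so
 * labels repeat forever; the hop limit is far away, the length guardrail stops it. */
static uint8_t LOOP_PKT[66];
static void build_loop_pkt(void) {
    LOOP_PKT[0] = 63;
    memset(LOOP_PKT + 1, 'a', 63);
    LOOP_PKT[64] = 0xC0; LOOP_PKT[65] = 0x00;                          /* -> off 0 */
}

static char g_name[256];

int decode_sample(size_t off) {
    return dns_name_decode(SAMPLE_PKT, sizeof SAMPLE_PKT, off, g_name, sizeof g_name);
}
int decode_loop(void) {
    build_loop_pkt();
    return dns_name_decode(LOOP_PKT, sizeof LOOP_PKT, 0, g_name, sizeof g_name);
}

int main(void) {
    int n = decode_sample(20);
    printf("off 20: consumed=%d name=%s\n", n, g_name);   /* 10, printer._http._tcp.local */
    printf("off 30 self pointer: %d\n", decode_sample(30));
    printf("off 32 pointer cycle: %d\n", decode_sample(32));
    printf("label/pointer loop: %d\n", decode_loop());
    return 0;
}
```

The "backward only" rule rejects self and forward pointers outright, so pointer-only cycles cannot form; a cycle that passes through a label is still possible, and it is the wire-length cap that terminates it, which is why both guardrails are needed rather than either alone.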
why does anybody still pay attention to that guy?