Re: ssh crc32 exploit on Linux

From: Michel Arboi (arboiat_private)
Date: Sat Apr 28 2001 - 11:23:44 PDT


    --- Franklin DeMatto <franklinat_private> wrote:
    > It is worth mentioning that existing standards promote two
    > possible behaviours for malloc() when it is called with
    > an argument of 0:
    >     - Failure, returning NULL
    >     - Success, returning a valid address pointing at a
    >       zero-sized object.
    
    IIRC, ANSI C (and POSIX?) specified (or preferred) the first behaviour
    for both malloc and realloc.
    
    > Linux, apparently, is not modern enough :-/
    
    I am not sure it has something to do with modernity.
    
    > However, I found that only the realloc() does this, but for some
    > reason, an original malloc(0) works fine.
    
    Looks illogical... Maybe changing the behaviour of malloc would break
    too much source code.
    
    [I did not investigate your attack]
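
Added example, not part of the original message or of any project discussed in this thread: since the quoted text describes two possible results for a zero-sized request, a caller can refuse such requests before they reach malloc() or realloc(), so the code behaves the same on every platform. All function and type names here are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* All names below are hypothetical, chosen for this example. */
enum zero_alloc { ZERO_RETURNS_NULL, ZERO_RETURNS_OBJECT };

/* Report which of the two quoted behaviours this libc shows for malloc(0). */
enum zero_alloc probe_malloc_zero(void)
{
    void *p = malloc(0);
    if (p == NULL)
        return ZERO_RETURNS_NULL;
    free(p);
    return ZERO_RETURNS_OBJECT;
}

/* True for a zero count, a zero element size, or a product that wraps size_t. */
static int bad_request(size_t nmemb, size_t size)
{
    return nmemb == 0 || size == 0 || nmemb > SIZE_MAX / size;
}

/* Allocate nmemb * size bytes; zero-sized requests fail on every platform. */
void *checked_alloc(size_t nmemb, size_t size)
{
    if (bad_request(nmemb, size)) { errno = EINVAL; return NULL; }
    return malloc(nmemb * size);
}

/* Resize *pp. Returns 0 on success, -1 on failure with *pp left valid.
 * realloc() is never called with a size of 0. */
int checked_resize(void **pp, size_t nmemb, size_t size)
{
    void *q;
    if (pp == NULL || bad_request(nmemb, size)) { errno = EINVAL; return -1; }
    q = realloc(*pp, nmemb * size);
    if (q == NULL)
        return -1;          /* old block is untouched and still owned by caller */
    *pp = q;
    return 0;
}

int main(void)
{
    printf("malloc(0) returns %s\n", probe_malloc_zero() == ZERO_RETURNS_NULL
           ? "NULL" : "a zero-sized object");
    return 0;
}
```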
    
    
    
    


