Bug Classes/Heap overflow

From Linux Kernel Security Subsystem

Jump to navigation Jump to search

Details

Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory, or manipulate the heap metadata values.

Examples

pty race condition

Mitigations

runtime validation of variable size vs copy_to_user/copy_from_user size (e.g. PAX_USERCOPY)
guard pages
metadata validation (e.g. glibc's heap protections)

Retrieved from "http://kernsec.org/wiki/index.php?title=Bug_Classes/Heap_overflow&oldid=3729"