Bug Classes/Heap overflow

From Linux Kernel Security Subsystem

Latest revision as of 22:11, 4 November 2015

Details

Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory, or manipulate the heap metadata values.

Examples

Mitigations

  • runtime validation of variable size vs copy_to_user/copy_from_user size (e.g. PAX_USERCOPY)
  • guard pages
  • metadata validation (e.g. glibc's heap protections)
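
An added example (not from the original page or from kernel source) showing the integer-overflow root cause named under Details beside two of the checks listed above: an overflow-checked size calculation and a copy length validated against the destination object's size. It is userspace C; `struct rec`, `struct hbuf` and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct rec { uint32_t id, flags; };               /* hypothetical 8-byte record */
struct hbuf { size_t cap; unsigned char *data; }; /* heap object plus its size */

/* Broken: the 32-bit multiply wraps, so a huge count yields a tiny size. */
static uint32_t size_unchecked(uint32_t count)
{
    return count * (uint32_t)sizeof(struct rec);
}

/* Fixed: report overflow instead of wrapping (GCC/Clang builtin). */
static int size_checked(uint32_t count, uint32_t *bytes)
{
    if (__builtin_mul_overflow(count, (uint32_t)sizeof(struct rec), bytes))
        return -1;
    return 0;
}

/* Validate the copy length against the destination object's real size
 * before copying; modelled on the usercopy size check (e.g. PAX_USERCOPY). */
static int bounded_copy(struct hbuf *dst, const void *src, size_t len)
{
    if (len > dst->cap)
        return -1;
    memcpy(dst->data, src, len);
    return 0;
}

int main(void)
{
    uint32_t count = 0x20000001u, bytes = 0;      /* constructed input */
    struct rec src[2] = { {1, 0}, {2, 0} };
    struct hbuf dst = { size_unchecked(count), NULL };

    dst.data = malloc(dst.cap);                   /* only 8 bytes allocated */
    if (!dst.data)
        return 1;
    printf("unchecked size: %u\n", (unsigned)dst.cap);
    printf("checked size: %s\n", size_checked(count, &bytes) ? "rejected" : "ok");
    printf("16-byte copy into 8-byte object: %s\n",
           bounded_copy(&dst, src, sizeof(src)) ? "rejected" : "copied");
    free(dst.data);
    return 0;
}
```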