Bug Classes/Heap overflow

From Linux Kernel Security Subsystem
Revision as of 22:11, 4 November 2015 by KeesCook

Details

Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory, or manipulate the heap metadata values.

Examples

Mitigations

  • runtime validation of variable size vs copy_to_user/copy_from_user size (e.g. PAX_USERCOPY)
  • guard pages
  • metadata validation (e.g. glibc's heap protections)
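
The integer-overflow cause from Details and the first mitigation (checking the object's size against the copy size at run time) can be modelled in userspace C. This is an added example, not code from this wiki or from the kernel or PaX; `struct rec`, `struct obj`, `obj_alloc_recs` and `obj_copy_in` are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout: a userspace model, not kernel code. */
struct rec { uint32_t id; uint32_t flags; };

/* The usable size travels with the object so every copy can be checked. */
struct obj {
    size_t size;
    unsigned char data[];
};

/* Allocate room for count records; refuse sizes that would wrap size_t. */
struct obj *obj_alloc_recs(size_t count)
{
    if (count > (SIZE_MAX - sizeof(struct obj)) / sizeof(struct rec))
        return NULL;
    struct obj *o = malloc(sizeof(*o) + count * sizeof(struct rec));
    if (o)
        o->size = count * sizeof(struct rec);
    return o;
}

/* Copy len bytes to offset off only if [off, off+len) lies inside the object. */
int obj_copy_in(struct obj *o, size_t off, const void *src, size_t len)
{
    if (!o || !src)
        return -EINVAL;
    /* Written as a subtraction so off + len can never wrap. */
    if (off > o->size || len > o->size - off)
        return -EFAULT;
    memcpy(o->data + off, src, len);
    return 0;
}

int main(void)
{
    unsigned char in[64] = {0};            /* constructed sample input */
    struct obj *o = obj_alloc_recs(4);     /* 4 * 8 = 32 usable bytes */
    if (!o) return 1;
    printf("in-bounds copy: %d\n", obj_copy_in(o, 0, in, 32));
    printf("oversized copy: %d\n", obj_copy_in(o, 0, in, sizeof(in)));
    printf("wrapping count: %p\n", (void *)obj_alloc_recs(SIZE_MAX / 2));
    free(o);
    return 0;
}
```

Without the check in `obj_alloc_recs`, a large `count` would wrap the multiplication and yield an allocation smaller than the caller believes, which is the case the bounds check in `obj_copy_in` then has to catch.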