Bug Classes/Heap overflow

From Linux Kernel Security Subsystem
Revision as of 22:11, 4 November 2015 by KeesCook (talk | contribs) (Created page with "= Details = Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory, or manipulate the heap metadata...")

Details

Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory, or manipulate the heap metadata values.

Examples

Mitigations

  • runtime validation of variable size vs copy_to_user/copy_from_user size (e.g. PAX_USERCOPY)
  • guard pages
  • metadata validation (e.g. glibc's heap protections)
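
The following is an added example, not code from this page or from the kernel: a userspace C sketch of the pattern described under Details, where an allocation size computed by multiplication wraps, beside a checked size computation and a copy routine that validates the requested length against the object's recorded size (the idea behind the first mitigation listed). `struct sized_buf` and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked size math: the product wraps modulo SIZE_MAX + 1. */
size_t unchecked_bytes(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Checked size math: -1 if count * elem_size does not fit in size_t. */
int checked_bytes(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Hypothetical buffer type that remembers its allocation size. */
struct sized_buf { size_t size; unsigned char *data; };

int sized_buf_alloc(struct sized_buf *b, size_t count, size_t elem_size)
{
    size_t bytes;
    if (checked_bytes(count, elem_size, &bytes) != 0 || bytes == 0)
        return -1;
    b->data = calloc(1, bytes);
    if (b->data == NULL)
        return -1;
    b->size = bytes;
    return 0;
}

/* Refuse any copy whose [off, off + len) range leaves the object. */
int sized_buf_copy_in(struct sized_buf *b, size_t off,
                      const void *src, size_t len)
{
    if (off > b->size || len > b->size - off)
        return -1;
    memcpy(b->data + off, src, len);
    return 0;
}

int main(void)
{
    size_t n = 0;   /* constructed input: a count chosen so the product wraps */
    return checked_bytes(SIZE_MAX / 16 + 2, 16, &n) == -1 ? 0 : 1;
}
```

The bounds test is written as `len > b->size - off` rather than `off + len > b->size` so that the check itself cannot wrap.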