Re: A bunch of memory allocation bugs in CGD
From: Roland Dowdeswell (elric_at_imrryr.org)
Date: 03/30/05
- Previous message: H. S.: "Re: A few thoughts.."
- In reply to: ALeine: "Re: A bunch of memory allocation bugs in CGD"
- Next in thread: ALeine: "Re: A bunch of memory allocation bugs in CGD"
To: "ALeine" <aleine@austrosearch.net>
Date: Wed, 30 Mar 2005 15:53:19 -0500
On 1112207393 seconds since the Beginning of the UNIX epoch
"ALeine" wrote:
>
>Thanks for responding so quickly.
No problem.
>- the first bug is in cmd_nuke() and could not be seen as much
> of a bug because cmd_nuke() is used to destroy lock sectors.
> If this fails due to memory starvation no sensitive information
> is leaked, only a write(2) call fails and gbde terminates
> correctly upon catching and reporting the write error.
Having a quick read it looks like the call to cmd_nuke() is preceded
by a cmd_open(). cmd_open() loads the decrypted decoded contents
of the lock sector into memory which contain all of the information
needed to decrypt the disk. In cmd_nuke(), the malloc is followed
immediately by a memset(3) which could core dump.
--
Roland Dowdeswell http://www.Imrryr.ORG/~elric/
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
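
The failure mode raised in the message above (an unchecked malloc followed by memset(3) while decrypted lock-sector contents are in memory) can be handled as in the following added example, which is not gbde's code and not part of the original message. The struct, the function names and the injectable allocator are hypothetical; the sample key bytes are constructed.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

/* Hypothetical stand-in for the decrypted lock-sector contents held in memory. */
struct key_material { unsigned char bytes[64]; };
typedef void *(*alloc_fn)(size_t);   /* injectable so the failure path can be run */

/* Zero through a volatile pointer so the compiler cannot elide the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Set the core file size limit to 0 so a crash cannot write secrets to disk. */
int disable_core_dumps(void) {
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Returns 1 when every byte of the key material is zero, else 0. */
int is_wiped(const struct key_material *km) {
    for (size_t i = 0; i < sizeof km->bytes; i++)
        if (km->bytes[i] != 0) return 0;
    return 1;
}

/* Allocate a zeroed sector buffer. On allocation failure, wipe the key
 * material and return -1 instead of passing NULL to memset(3). */
int nuke_sector_checked(struct key_material *km, size_t sector_len, alloc_fn alloc) {
    unsigned char *buf = alloc(sector_len);
    if (buf == NULL) {
        secure_wipe(km, sizeof *km);
        return -1;
    }
    memset(buf, 0, sector_len);      /* reached only with a valid buffer */
    /* a real tool would write(2) buf over the lock sector here */
    free(buf);
    return 0;
}

void *failing_alloc(size_t n) { (void)n; return NULL; }  /* simulates memory starvation */

int main(void) {
    struct key_material km;
    memset(&km, 0xAA, sizeof km);    /* constructed sample secret */
    if (disable_core_dumps() != 0) return 1;
    int rc = nuke_sector_checked(&km, 512, failing_alloc);
    return (rc == -1 && is_wiped(&km)) ? 0 : 1;
}
```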