Tuesday June 07, 2005
The next version of dlmalloc (v2.8) is slated to
include a variant of the heap protection patch as a compile-time option. As a
result, the versions hosted here are now deprecated in favor of the officially
supported version in glibc.
Tuesday December 02, 2003
A new release of our glibc heap protection patch is now available.
This update incorporates fixes for several issues, including a potentially
exploitable weak seeding of __heap_magic discovered by Eugene Tsyrklevich,
and a vmalloc chunk magic bug reported by Kyle Sallee.
Monday November 24, 2003
A new release of our glibc heap protection patch is now available.
This update fixes the inclusion of x86 assembly in a protection macro which
would cause builds to fail on non-x86 architectures. A number of compilation
warnings regarding missing chunk pointer casts within protection macros have
also been addressed.
Sunday November 23, 2003
An updated release of our heap protection patch for glibc is now available
for download.
This update fixes several packaging bugs spotted by Alexander Gabert of the Gentoo Hardened project which effectively
resulted in non-protected libraries being shipped in previous releases. All
current users are advised to upgrade to the latest release for this reason,
which is v1.3 at the time of this writing.
Also, a non-critical bug which resulted in 4*PAGE_SIZE bytes being allocated for the protected chunk canary seed buffer instead of PAGE_SIZE bytes was spotted by pageexec (at) freemail.hu and has been fixed in this release.
Tuesday November 04, 2003
A new release of our heap protection patch for glibc is now available
for download.
This update mainly incorporates better installation support, and includes binary packages for RedHat 9 on i386. Additional platforms will be supported upon user request.
No changes have been made to the overflow detection code itself.
Friday October 31, 2003
An interim release of our heap protection patch for glibc is now available
for download.
This patch is the latest stable version of our system, which prevents the exploitation of heap overflows in application code. A forthcoming release within the next few days will include better installation support and binary packages for RedHat 9 on i386.
Oh, and Happy Halloween. ;-)