Wireshark · Ethereal-dev: Re: [Ethereal-dev] Does emem need guard pages?

[Ulf Lamping <ulf.lamping@xxxxxx>]

ronnie sahlberg wrote:
> Eventhough it appears the fuzztesting and the value_string termination 
> audit and the str...() replacement tasks seems to have been very 
> successful
> (i feel a major decrease in number of vulnerabilities and issues 
> compared to 6 months ago)
> it would not hurt to add more.
While looking at the bugs fixed over the last months, I really think 
there are a lot more not yet found :-(
>  
> But instead of MMU tricks to trigger SEGV, would it not be sufficient 
> (and simpler) to add a "canary" value prior to the allocation as 
> well,   then have the canary values build a linked list of  head/tail 
> canaries.   A list that can occasionally (and when the list is 
> destroyed/released) be walked to verify that the pointers and the 
> canary values look sane.
Using canary indicates a problem, but sometimes makes it really hard to 
find the cause of such a problem. Using SEGV takes you directly to the 
problem ...
> Lets add a canary to just prior to the allocated memory also instead 
> of just at the  tail of the allocated memory.
Reasonable.  
> I think that when a canary is found to be corrupted this is evidence 
> of memory corruption and then it is perfectly valid to abort immediately. 
That's just a matter of personal opinion to abort or try to continue ...

Regards, ULFL