| From | Keith Thompson <Keith.S.Thompson+u@gmail.com> |
|---|---|
| Newsgroups | comp.lang.c |
| Subject | Re: A Famous Security Bug |
| Date | 2024-03-20 16:19 -0700 |
| Organization | None to speak of |
| Message-ID | <87r0g41ofh.fsf@nosuchdomain.example.com> |
| References | <bug-20240320191736@ram.dialup.fu-berlin.de> <utfdte$1lou1$1@dont-email.me> <utfmd6$1nv2m$1@dont-email.me> |
"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:
> On 3/20/2024 12:37 PM, Chris M. Thomasson wrote:
>> On 3/20/2024 11:18 AM, Stefan Ram wrote:
>>> A "famous security bug":
>>>
>>> void f( void )
>>> { char buffer[ MAX ];
>>> /* . . . */
>>> memset( buffer, 0, sizeof( buffer )); }
>>>
>>> . Can you see what the bug is?
>>>
>>> (I have already read the answer; I post it as a pastime.)
>> Add in a volatile? ;^)
>
> Instead of zeroing, what about filling it with random bytes reaped
> from a TRNG?
Why?
--
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Medtronic
void Void(void) { Void(); } /* The recursive call of the void */
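
The following is an added example, not part of the thread or any poster's code. It sets the pattern from the quoted post beside a wipe that follows the "volatile" suggestion. The value of `MAX`, the helper names `wipe` and `wipe_residue`, and the constructed secret string are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX 64  /* assumed size; the post leaves MAX undefined */

/* Hypothetical helper: each store goes through a volatile-qualified
 * lvalue, which mainstream compilers treat as a side effect they must
 * not remove, so the zeroing is not dropped as a dead store. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Pattern from the post: buffer is never read after memset, so under the
 * as-if rule an optimizer may delete the call and leave the data behind. */
void f_original(void)
{
    char buffer[MAX];
    strcpy(buffer, "constructed-secret");  /* stands in for the elided body */
    memset(buffer, 0, sizeof(buffer));
}

/* Same function with the wipe routed through the volatile helper. */
void f_wiped(void)
{
    char buffer[MAX];
    strcpy(buffer, "constructed-secret");
    wipe(buffer, sizeof(buffer));
}

/* Fills a buffer with 0xA5, wipes it, and returns how many bytes are
 * still nonzero (0 means the wipe reached every byte). */
size_t wipe_residue(void)
{
    unsigned char buf[MAX];
    size_t i, left = 0;
    memset(buf, 0xA5, sizeof(buf));
    wipe(buf, sizeof(buf));
    for (i = 0; i < sizeof(buf); i++)
        left += (buf[i] != 0);
    return left;
}

int main(void) { f_original(); f_wiped(); return wipe_residue() != 0; }
```

Whether the `memset` in `f_original` survives depends on the compiler and optimization level, so inspect the generated assembly rather than relying on a runtime check. Where available, `explicit_bzero`, C11 Annex K `memset_s`, or C23 `memset_explicit` serve the same purpose.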