| Started by | "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> |
|---|---|
| First post | 2024-03-20 12:37 -0700 |
| Last post | 2024-03-20 19:45 -0700 |
| Articles | 5 — 2 participants |
This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by
below is the oldest one visible, not the original post.
Re: A Famous Security Bug "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> - 2024-03-20 12:37 -0700
Re: A Famous Security Bug "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> - 2024-03-20 12:45 -0700
Re: A Famous Security Bug "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> - 2024-03-20 15:02 -0700
Re: A Famous Security Bug Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2024-03-20 16:19 -0700
Re: A Famous Security Bug "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> - 2024-03-20 19:45 -0700
| From | "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> |
|---|---|
| Date | 2024-03-20 12:37 -0700 |
| Subject | Re: A Famous Security Bug |
| Message-ID | <utfdte$1lou1$1@dont-email.me> |
On 3/20/2024 11:18 AM, Stefan Ram wrote:
> A "famous security bug":
>
> void f( void )
> { char buffer[ MAX ];
> /* . . . */
> memset( buffer, 0, sizeof( buffer )); }
>
> . Can you see what the bug is?
>
> (I have already read the answer; I post it as a pastime.)
Add in a volatile? ;^)
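
The "Add in a volatile?" reply above, as an added example that is not part of the thread: the quoted `f()` never reads `buffer` after the `memset`, so an optimizing compiler may remove the call as a dead store, and wiping through a volatile-qualified pointer is one common workaround. `MAX` as 64, the `use_secret` stand-in for the elided body, the constructed secret string and the names `f_original`, `f_volatile` and `wipe_volatile` are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define MAX 64 /* assumed; the thread never shows the definition of MAX */

/* Zero n bytes through a volatile-qualified lvalue; compilers in practice
   do not remove these stores as dead. */
static void wipe_volatile(void *p, size_t n) {
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Stand-in for the elided body of f(): copy a secret in, return a byte sum. */
static unsigned use_secret(char *buffer, const char *secret) {
    unsigned sum = 0;
    strncpy(buffer, secret, MAX - 1);
    buffer[MAX - 1] = '\0';
    for (size_t i = 0; buffer[i] != '\0'; i++)
        sum += (unsigned char)buffer[i];
    return sum;
}

/* Shape of the quoted f(): nothing reads buffer after memset, so an
   optimizer may drop the call as a dead store. */
static unsigned f_original(const char *secret) {
    char buffer[MAX];
    unsigned sum = use_secret(buffer, secret);
    memset(buffer, 0, sizeof(buffer));
    return sum;
}

/* Same function wiped with volatile stores; *left receives the number of
   nonzero bytes found in buffer after the wipe. */
static unsigned f_volatile(const char *secret, size_t *left) {
    char buffer[MAX];
    unsigned sum = use_secret(buffer, secret);
    wipe_volatile(buffer, sizeof(buffer));
    *left = 0;
    for (size_t i = 0; i < sizeof(buffer); i++)
        *left += (buffer[i] != 0);
    return sum;
}

int main(void) {
    size_t left = MAX;
    unsigned a = f_original("constructed-secret"); /* constructed sample input */
    return (f_volatile("constructed-secret", &left) == a && left == 0) ? 0 : 1;
}
```

Both functions return the same sum; the difference only shows in the optimized object code, where the `memset` call in `f_original` can be absent while the stores in `wipe_volatile` remain.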
| From | "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> |
|---|---|
| Date | 2024-03-20 12:45 -0700 |
| Message-ID | <utfecl$1lou2$1@dont-email.me> |
| In reply to | #383811 |
On 3/20/2024 12:37 PM, Chris M. Thomasson wrote:
> On 3/20/2024 11:18 AM, Stefan Ram wrote:
>> A "famous security bug":
>>
>> void f( void )
>> { char buffer[ MAX ];
>> /* . . . */
>> memset( buffer, 0, sizeof( buffer )); }
>>
>> . Can you see what the bug is?
>>
>> (I have already read the answer; I post it as a pastime.)
>
> Add in a volatile? ;^)
Also, show us the definition of MAX...
| From | "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> |
|---|---|
| Date | 2024-03-20 15:02 -0700 |
| Message-ID | <utfmd6$1nv2m$1@dont-email.me> |
| In reply to | #383811 |
On 3/20/2024 12:37 PM, Chris M. Thomasson wrote:
> On 3/20/2024 11:18 AM, Stefan Ram wrote:
>> A "famous security bug":
>>
>> void f( void )
>> { char buffer[ MAX ];
>> /* . . . */
>> memset( buffer, 0, sizeof( buffer )); }
>>
>> . Can you see what the bug is?
>>
>> (I have already read the answer; I post it as a pastime.)
>
> Add in a volatile? ;^)
Instead of zeroing, what about filling it with random bytes reaped from
a TRNG?
| From | Keith Thompson <Keith.S.Thompson+u@gmail.com> |
|---|---|
| Date | 2024-03-20 16:19 -0700 |
| Message-ID | <87r0g41ofh.fsf@nosuchdomain.example.com> |
| In reply to | #383821 |
"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:
> On 3/20/2024 12:37 PM, Chris M. Thomasson wrote:
>> On 3/20/2024 11:18 AM, Stefan Ram wrote:
>>> A "famous security bug":
>>>
>>> void f( void )
>>> { char buffer[ MAX ];
>>> /* . . . */
>>> memset( buffer, 0, sizeof( buffer )); }
>>>
>>> . Can you see what the bug is?
>>>
>>> (I have already read the answer; I post it as a pastime.)
>> Add in a volatile? ;^)
>
> Instead of zeroing, what about filling it with random bytes reaped
> from a TRNG?
Why?
--
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Medtronic
void Void(void) { Void(); } /* The recursive call of the void */
| From | "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> |
|---|---|
| Date | 2024-03-20 19:45 -0700 |
| Message-ID | <utg6vq$1vdv8$1@dont-email.me> |
| In reply to | #383823 |
On 3/20/2024 4:19 PM, Keith Thompson wrote:
> "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> writes:
>> On 3/20/2024 12:37 PM, Chris M. Thomasson wrote:
>>> On 3/20/2024 11:18 AM, Stefan Ram wrote:
>>>> A "famous security bug":
>>>>
>>>> void f( void )
>>>> { char buffer[ MAX ];
>>>> /* . . . */
>>>> memset( buffer, 0, sizeof( buffer )); }
>>>>
>>>> . Can you see what the bug is?
>>>>
>>>> (I have already read the answer; I post it as a pastime.)
>>> Add in a volatile? ;^)
>>
>> Instead of zeroing, what about filling it with random bytes reaped
>> from a TRNG?
>
> Why?
>
Those zeros might be "targets" for a nefarious program?