[gnutls-devel] GnuTLS | Automatically NULLify after gnutls_free() (!923)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Feb 22 13:03:41 CET 2019
Nikos Mavrogiannopoulos started a new discussion on NEWS:
>
> * Version 3.6.7 (unreleased)
>
> +** libgnutls, gnutls tools: Every gnutls_free() will automatically set
> + the free'd pointer to NULL. This prevents possible use-after-free and
> + double free issues. Use-after-free will be turned into NULL dereference,
> + effectively turning harmful attacks like remote-code-executions (RCE) into
What about finishing the text at:
`will be turned into NULL dereference.`
The `turned into NULL dereference, effectively turning harmful attacks like remote-code-executions (RCE) into segmentation faults` text, seems to imply that this is not exploitable, but that's hard to prove as it depends on the application. That is, what about:
```
* libgnutls, gnutls tools: Every gnutls_free() will automatically set
the free'd pointer to NULL. This prevents possible use-after-free and
double free issues. Use-after-free will be turned into NULL dereference. The counter-measure does not extend to applications using `gnutls_free`.
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/923#note_144026098
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190222/63cbf1aa/attachment-0001.html>
More information about the Gnutls-devel
mailing list