[PATCH 0/6] Buffer fuzzing and pipe deadlock fixes
Ian Jackson
ijackson at chiark.greenend.org.uk
Mon Sep 22 16:45:07 BST 2014
I used and developed these 6 patches while testing the proper fix (as
in 0.3.4) to the recent buffer bugs:
1/6 fds: Provide cloexec() and use it in udp.c
2/6 fds: Set cloexec on logging pipe reading end
3/6 slip: Do not malloc the userv activation context
4/6 slip: Use c_stdin and c_stdout in er everywhere
5/6 slip: Close and cloexec fds as appropriate
6/6 test-example: Provide a fuzzer for the slip decoder
The fuzzer almost instantly reproduces the bug in 0.3.3, and
works with 0.3.4.
Without the fd handling fixes, I found that the fuzzer would hang
after secnet crashed, leaving the process group deadlocked. The fd
handling fixes are _not_ included in 0.3.4, because I felt it best not
to send stuff like that out in an urgent security fix.
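Added example (not part of Ian's message or of the secnet patch series) illustrating the kind of hang the cover letter describes: a pipe's write end that is not marked close-on-exec is inherited by any child that gets exec'd, so the reader never sees EOF until that unrelated child exits. The cloexec() helper here is a hypothetical stand-in modelled on the description of patch 1/6; the actual secnet helper may differ. It assumes a POSIX system with a `sleep` binary on PATH.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set FD_CLOEXEC on fd so the kernel closes it across exec().
 * Hypothetical helper modelled on the cover letter's description;
 * secnet's own cloexec() may differ. Returns 0 on success, -1 on error. */
int cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* 1 if fd carries FD_CLOEXEC, 0 otherwise (or on error). */
int has_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags >= 0 && (flags & FD_CLOEXEC) != 0;
}

/* Open a pipe, mark its write end, and report (before << 1) | after
 * for has_cloexec on that end; expected value is 1. */
int cloexec_roundtrip(void) {
    int p[2];
    if (pipe(p) < 0) return -1;
    int before = has_cloexec(p[1]);
    cloexec(p[1]);
    int after = has_cloexec(p[1]);
    close(p[0]);
    close(p[1]);
    return (before << 1) | after;
}

/* Reproduce the hang: create a pipe, exec an unrelated child (sleep)
 * that never touches the pipe, close the parent's write end, then see
 * whether the reader gets EOF within timeout_ms.
 * Returns 1 if EOF arrived, 0 if the read end stayed open because the
 * child still holds the inherited write end, -1 on a setup error. */
int reader_sees_eof(int use_cloexec, int timeout_ms) {
    int p[2];
    if (pipe(p) < 0) return -1;
    if (use_cloexec && cloexec(p[1]) < 0) return -1;

    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        /* Child: exec something that ignores the pipe entirely. Without
         * FD_CLOEXEC, p[1] silently survives the exec. */
        execlp("sleep", "sleep", "3", (char *)NULL);
        _exit(127);
    }

    close(p[1]);                          /* parent drops its own write end */
    struct pollfd pfd = { .fd = p[0], .events = POLLIN };
    int eof = 0;
    if (poll(&pfd, 1, timeout_ms) > 0) {
        char c;
        eof = (read(p[0], &c, 1) == 0);   /* 0 bytes read: all writers gone */
    }
    close(p[0]);
    kill(child, SIGTERM);                 /* do not wait the full 3 seconds */
    waitpid(child, NULL, 0);
    return eof;
}

int main(void) {
    printf("write end leaked into child: reader sees EOF = %d\n",
           reader_sees_eof(0, 1000));
    printf("write end marked cloexec:    reader sees EOF = %d\n",
           reader_sees_eof(1, 1000));
    return 0;
}
```

The first call returns 0 (the reader blocks on a pipe nobody will ever write to, which in a test harness turns a crash of the process under test into a hang); the second returns 1 because the exec closed the leaked end. Setting the flag at creation time (pipe2(O_CLOEXEC), open(O_CLOEXEC)) avoids the fork-to-exec window that an after-the-fact fcntl leaves open.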
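Added example (not the secnet fuzzer from patch 6/6 and not secnet's slip code) showing the shape of a decoder fuzzer like the one the cover letter says reproduced the 0.3.3 bug almost instantly: a RFC 1055 SLIP decoder with a capacity check, a deliberately constructed variant with that check removed (an illustration, not a reconstruction of the real bug), and a deterministic harness that surrounds the output buffer with guard bytes and reports the first iteration that corrupts them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SLIP (RFC 1055) framing bytes. */
#define SLIP_END     0xC0
#define SLIP_ESC     0xDB
#define SLIP_ESC_END 0xDC
#define SLIP_ESC_ESC 0xDD

typedef long (*slip_decoder_fn)(const uint8_t *, size_t, uint8_t *, size_t);

/* Decode one SLIP frame from in[0..inlen) into out (capacity outcap).
 * Returns the decoded length, or -1 for a truncated/invalid escape or a
 * frame that would not fit. Hypothetical decoder, not secnet's. */
long slip_decode(const uint8_t *in, size_t inlen, uint8_t *out, size_t outcap) {
    size_t n = 0;
    for (size_t i = 0; i < inlen; i++) {
        uint8_t b = in[i];
        if (b == SLIP_END) break;                 /* end of frame */
        if (b == SLIP_ESC) {
            if (++i >= inlen) return -1;          /* ESC with nothing after it */
            if (in[i] == SLIP_ESC_END) b = SLIP_END;
            else if (in[i] == SLIP_ESC_ESC) b = SLIP_ESC;
            else return -1;                       /* invalid escape */
        }
        if (n >= outcap) return -1;               /* the bounds check under test */
        out[n++] = b;
    }
    return (long)n;
}

/* Constructed variant with the capacity check removed so the fuzzer has
 * something to find. Illustration only, not the 0.3.3 bug. */
long slip_decode_unchecked(const uint8_t *in, size_t inlen, uint8_t *out, size_t outcap) {
    (void)outcap;
    size_t n = 0;
    for (size_t i = 0; i < inlen; i++) {
        uint8_t b = in[i];
        if (b == SLIP_END) break;
        if (b == SLIP_ESC) {
            if (++i >= inlen) return -1;
            if (in[i] == SLIP_ESC_END) b = SLIP_END;
            else if (in[i] == SLIP_ESC_ESC) b = SLIP_ESC;
            else return -1;
        }
        out[n++] = b;                             /* no capacity check */
    }
    return (long)n;
}

/* Deterministic xorshift32 so a failing seed can be replayed. */
static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Feed `iters` random frames to `dec`, decoding into a 16-byte buffer
 * fenced by guard bytes. Returns the first iteration whose guard bytes
 * were overwritten, or -1 if every frame stayed in bounds. */
long slip_fuzz(slip_decoder_fn dec, long iters, uint32_t seed) {
    enum { CAP = 16, GUARD = 64, MAXIN = 64 };  /* GUARD >= MAXIN keeps even the
                                                   unchecked variant inside buf */
    uint8_t buf[GUARD + CAP + GUARD];
    uint8_t in[MAXIN];
    uint32_t s = seed ? seed : 0x9E3779B9u;
    for (long it = 0; it < iters; it++) {
        memset(buf, 0xA5, sizeof buf);
        size_t inlen = xorshift32(&s) % MAXIN + 1;
        for (size_t i = 0; i < inlen; i++) {
            uint32_t r = xorshift32(&s);
            /* Bias toward framing bytes so escapes and delimiters are common. */
            switch (r % 16) {
            case 0:  in[i] = SLIP_END; break;
            case 1:  in[i] = SLIP_ESC; break;
            case 2:  in[i] = SLIP_ESC_END; break;
            case 3:  in[i] = SLIP_ESC_ESC; break;
            default: in[i] = (uint8_t)(r >> 8); break;
            }
        }
        dec(in, inlen, buf + GUARD, CAP);
        for (size_t i = 0; i < GUARD; i++)
            if (buf[i] != 0xA5 || buf[GUARD + CAP + i] != 0xA5) return it;
    }
    return -1;
}

int main(void) {
    printf("checked decoder:   first guard corruption at iteration %ld\n",
           slip_fuzz(slip_decode, 2000, 12345));
    printf("unchecked decoder: first guard corruption at iteration %ld\n",
           slip_fuzz(slip_decode_unchecked, 2000, 12345));
    return 0;
}
```

The guard-byte check is the in-process equivalent of what a sanitizer or a crashing secnet gives a real harness; the seeded generator matters because a crash you cannot replay is worth little. Biasing the byte distribution toward END and ESC is what makes the over-long-frame case show up within a few hundred iterations rather than by luck.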