Date: Wed, 30 Mar 2005 15:53:19 -0500
From: Roland Dowdeswell <elric@imrryr.org>
To: "ALeine" <aleine@austrosearch.net>
Cc: tech-security@netbsd.org
Subject: Re: A bunch of memory allocation bugs in CGD
Message-ID: <20050330205319.2C0BD3700F@arioch.imrryr.org>
In-Reply-To: Your message of "Wed, 30 Mar 2005 10:29:53 PST." <200503301829.j2UITrlt010221@marlena.vvi.at>

On 1112207393 seconds since the Beginning of the UNIX epoch
"ALeine" wrote:
>
>Thanks for responding so quickly.

No problem.

>- the first bug is in cmd_nuke() and could not be seen as much
>  of a bug because cmd_nuke() is used to destroy lock sectors.
>  If this fails due to memory starvation no sensitive information
>  is leaked, only a write(2) call fails and gbde terminates
>  correctly upon catching and reporting the write error.

Having a quick read it looks like the call to cmd_nuke() is preceded
by a cmd_open().  cmd_open() loads the decrypted decoded contents
of the lock sector into memory which contain all of the information
needed to decrypt the disk.  In cmd_nuke(), the malloc is followed
immediately by a memset(3) which could core dump.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/
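
Added example, not part of the original message and not gbde's code: a C sketch of the defensive pattern for the case discussed above, where an allocation fails while decrypted key material is resident. The names `key_material`, `make_blank_sector`, `secure_wipe`, `failing_alloc` and `disable_core_dumps` are hypothetical, and the 0xAA key bytes are constructed sample data.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

/* Hypothetical stand-in for the decrypted lock-sector contents in memory. */
struct key_material { unsigned char bytes[32]; };

/* Allocator is injectable so the starvation path can be exercised. */
typedef void *(*alloc_fn)(size_t);
void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Zero a buffer through a volatile pointer so the stores are not elided. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Set the core file size limit to zero so a crash leaves no key on disk. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Return a zero-filled sector buffer; on allocation failure wipe the
 * in-memory key and return NULL instead of passing NULL to memset(3). */
unsigned char *make_blank_sector(alloc_fn alloc, size_t len,
                                 struct key_material *km)
{
    unsigned char *buf = alloc(len);
    if (buf == NULL) {
        secure_wipe(km, sizeof(*km));
        return NULL;
    }
    memset(buf, 0, len);
    return buf;
}

int main(void)
{
    struct key_material km;
    memset(km.bytes, 0xAA, sizeof(km.bytes));   /* constructed sample key */
    disable_core_dumps();
    unsigned char *buf = make_blank_sector(failing_alloc, 512, &km);
    /* Exit 0 only if the failure was reported and the key was wiped. */
    return (buf == NULL && km.bytes[0] == 0) ? 0 : 1;
}
```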