Coming soon - Get a detailed view of why an account is flagged as spam!
view details

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

2
Examples of exploiting unsafe signal handlers (CWE-479)
Post Flair (click to view more posts with a particular flair)
Analysis
Post Body

A program I'm testing has a null dereference bug which transfers control to a segv handler. The handler then does some logging (including stack info from the glibc back trace functions).

The null dereference doesn't by itself seem exploitable but from reading references like to CWE-479 it may be possible to use the logging code to corrupt memory, perhaps if there's a way to use multiple signals? Has anyone got any working examples of exploits that use this approach? There are a few online but they're all old.

Author
Account Strength
10%
Account Age
4 months
Verified Email
No
Verified Flair
No
Total Karma
29
Link Karma
6
Comment Karma
23
Profile updated: 4 days ago
kingbreager

Subreddit

r/AskNetsec

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
4 months ago
Reddit URL
View post on reddit.com
External URL
reddit.com/r/AskNetsec/c...