[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] incorrect integer conversions in OpenSSL can result in memory corruption.

To: Benjamin Kreuter <ben.kreuter@xxxxxxxxx>
Subject: Re: [Full-disclosure] incorrect integer conversions in OpenSSL can result in memory corruption.
From: Douglas Huff <mith@xxxxxxxxxxxxxx>
Date: Thu, 19 Apr 2012 13:07:46 -0500

On Apr 19, 2012, at 9:32, Benjamin Kreuter <ben.kreuter@xxxxxxxxx> wrote:
> Correct me if I am wrong, but shouldn't this only be a problem on
> systems where a size_t is wider than an int i.e. not on 32 bit systems?

No because size_t is unsigned. Some attacks would rely on being 64 like he 
stated, but not all.

-- 
Douglas Huff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] incorrect integer conversions in OpenSSL can result in memory corruption.
  - From: Tavis Ormandy
- Re: [Full-disclosure] incorrect integer conversions in OpenSSL can result in memory corruption.
  - From: Benjamin Kreuter

Prev by Date: [Full-disclosure] [SECURITY] [DSA 2454-1] openssl security update
Next by Date: [Full-disclosure] DC4420 - London DEFCON - April meet - Tuesday April 24th 2012
Previous by thread: Re: [Full-disclosure] incorrect integer conversions in OpenSSL can result in memory corruption.
Next by thread: Re: [Full-disclosure] incorrect integer conversions in OpenSSL can result in memory corruption.
Index(es):
- Date
- Thread