[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Chicken-hackers] [PATCH] *portable* fix for select() buffer overrun
From: |
Peter Bex |
Subject: |
[Chicken-hackers] [PATCH] *portable* fix for select() buffer overrun |
Date: |
Sun, 18 Nov 2012 21:09:51 +0100 |
User-agent: |
Mutt/1.4.2.3i |
Hello all,
Windows is a pain in the neck. Here's a patch that uses poll() on
all systems except Windows. This should work around the buffer overrun
vulnerability in select() described in
http://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html
I hope we can finally check this one off our list; it's been almost
half a year!
I've tested Spiffy on NetBSD with Slowloris, and I couldn't get it to
crash when HAVE_POSIX_POLL was defined, whereas it would crash quickly
when it wasn't (but only in a DEBUGBUILD; for some reason a normal build
won't crash so easily).
Cheers,
Peter
--
http://sjamaan.ath.cx
--
"The process of preparing programs for a digital computer
is especially attractive, not only because it can be economically
and scientifically rewarding, but also because it can be an aesthetic
experience much like composing poetry or music."
-- Donald Knuth
0001-Fix-select-buffer-overrun-vulnerability-by-using-POS.patch
Description: Text document
- [Chicken-hackers] [PATCH] *portable* fix for select() buffer overrun,
Peter Bex <=