[gnutls-devel] GnuTLS | Automatically NULLify after gnutls_free() (!923)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Feb 22 13:03:41 CET 2019


Nikos Mavrogiannopoulos started a new discussion on NEWS:

>  
>  * Version 3.6.7 (unreleased)
>  
> +** libgnutls, gnutls tools: Every gnutls_free() will automatically set
> +   the free'd pointer to NULL. This prevents possible use-after-free and
> +   double free issues. Use-after-free will be turned into NULL dereference,
> +   effectively turning harmful attacks like remote-code-executions (RCE) into
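
Review bot: "This prevents possible use-after-free and double free issues" in the added NEWS entry claims more than the mechanism provides. Setting the pointer passed to gnutls_free() to NULL leaves any other copy of the same address untouched, so a stale copy can still be dereferenced or freed again. Suggest "helps prevent" or "mitigates" in place of "prevents", and "freed" rather than "free'd".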

What about finishing the text at:
`will be turned into NULL dereference.`

The `turned into NULL dereference, effectively turning harmful attacks like remote-code-executions (RCE) into segmentation faults` text seems to imply that this is not exploitable, but that's hard to prove as it depends on the application. That is, what about:

```
* libgnutls, gnutls tools: Every gnutls_free() will automatically set
   the free'd pointer to NULL. This prevents possible use-after-free and
   double free issues. Use-after-free will be turned into NULL dereference. The counter-measure does not extend to applications using `gnutls_free`.
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/923#note_144026098