On Tue, Jan 24, 2012 at 6:19 PM,  <valdis.kletni...@vt.edu> wrote:
> On Tue, 24 Jan 2012 18:04:13 EST, Jeffrey Walton said:
>> From USN-1263-2 (http://www.ubuntu.com/usn/usn-1263-2/):
>>
>>     It was discovered that a type confusion flaw existed in the in
>>     the Internet Inter-Orb Protocol (IIOP) deserialization code. A
>>     remote attacker could use this to cause an untrusted application
>>     or applet to execute arbitrary code by deserializing malicious
>>     input. (CVE-2011-3521)
>>
>> I give - what is a confusion flaw?
>
> 'type confusion' - where a programmer forgot what type a variable had. Was that
> a signed int or an unsigned int?  32-bit or 64-bit? A pointer to a string, or a
> pointer to a struct?
Gotcha.

Perhaps he was following Linus' lead: when static analysis warned the
kernel's sys_prctl was comparing an unsigned value against less than
zero, Jesper Juhl offered a patch to clean up the code. Linus Torvalds
decried “No, we don't do this... GCC is crap”.
See Re: [PATCH] Don't compare unsigned variable for <0 in sys_prctl()
[http://linux.derkeiler.com/Mailing-Lists/Kernel/2006-11/msg08325.html].

Jeff
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
