On Sun, Oct 04, 2020 at 09:51:14AM +0200, Otto Moerbeek wrote:
> On Tue, Sep 29, 2020 at 08:17:54AM +0200, Otto Moerbeek wrote:
> 
> > Hi,
> > 
> > until now, canary bytes (used by the C option) were the same as the
> > bytes used to junk (0xfd).  This means that certain overwrites are not
> > detected, like setting the high bit. 
> > 
> > This makes the byte value used to write canaries random. I do not want
> > to complicate the code to handle all combinations of F and C, so 0xfd
> > is still accepted as a canary byte.
> > 
> > Please test with all your favourite combinations of malloc flags.
> 
> Any takers apart from tb@ who tested this earlier?
> 
>       -Otto

This works fine for me (mostly tested with CFJ since you first sent me
your diff) and also catches the BN_rand() issue that led to this the
expected ~50% of times.

I would have put braces around the do {} while loop in the second hunk,
but it's your code :)

ok tb
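
The detection rate discussed in this thread can be reproduced with a small stand-alone model, added here as an illustration; it is not code from the diff or from OpenBSD's malloc. The helper names, the 8-byte padding length and the reading of "setting the high bit" as `|= 0x80` on the first byte past the allocation are assumptions of the model.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define JUNK_BYTE  0xfd  /* junk value named in the thread */
#define CANARY_LEN 8     /* assumed padding length for this model */

/* Model of an allocation: sz requested bytes followed by canary padding. */
static void fill_canary(unsigned char *buf, size_t sz, unsigned char canary)
{
    memset(buf + sz, canary, CANARY_LEN);
}

/* Returns 1 if the padding is intact; 0xfd is also accepted, as the thread states. */
static int canary_ok(const unsigned char *buf, size_t sz, unsigned char canary)
{
    for (size_t i = 0; i < CANARY_LEN; i++)
        if (buf[sz + i] != canary && buf[sz + i] != JUNK_BYTE)
            return 0;
    return 1;
}

/* Assumed overwrite: set the high bit of the first byte past the end. */
static int high_bit_write_detected(unsigned char canary)
{
    unsigned char buf[16 + CANARY_LEN];
    size_t sz = 16;

    memset(buf, 0, sz);
    fill_canary(buf, sz, canary);
    buf[sz] |= 0x80;  /* one-byte out-of-bounds write */
    return !canary_ok(buf, sz, canary);
}

/* Count how many of the 256 possible canary values catch that write. */
static int count_detecting_values(void)
{
    int n = 0;

    for (int c = 0; c < 256; c++)
        n += high_bit_write_detected((unsigned char)c);
    return n;
}

int main(void)
{
    printf("canary 0xfd detects: %d\n", high_bit_write_detected(JUNK_BYTE));
    printf("detecting values: %d of 256\n", count_detecting_values());
    return 0;
}
```

In this model a canary equal to 0xfd never notices the write, while a uniformly random canary byte notices it for 127 of 256 values: every value with the high bit clear except 0x7d, which the write turns into the still-accepted 0xfd.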
