On Thu, Apr 10, 2014 at 4:18 PM, John Moser <john.r.mo...@gmail.com> wrote:
> Also why has nobody corrected me on this yet? I've read El Reg's
> analysis, and they missed a critical detail that I didn't see until I read
> the code in context: IT ALLOCATES TOO SMALL OF A WRITE BUFFER, TOO. Okay,
> it would send out the payload on exploit. It would also kill a heap canary
> that glibc should catch on free().
>

Christ, maybe you're right. I'm looking at this again and I'm wrong: it DOES
allocate big enough of a payload. Obviously I am not a programmer. There
actually is no memory allocator bug in this code; it uses the allocator
entirely correctly.