Use-After-Free Exploit Again?!?

-

 


It's an all too common attack. Hackers break C code by finding a way to re-use a freed pointer. A recent exploit was serious enough for Google to issue an emergency Chrome update.

For a business perspective, read the Forbes article.

For a technical look, watch the youtube video from Low Level.

This is an old problem with an old, and apparently forgotten, solution. I've written about before: Pointers Don't Create Memory Bugs, Programmers Do.

Just set your pointer to NULL after freeing it:

    free (ptr);
    ptr = NULL;

It's a simple measure, and can be made even simpler with a macro:

    #define FREE(ptr)    (free(ptr), ptr = NULL) 

Thus, any subsequent use of the NULL pointer will trigger a segment fault (crash) and make any exploit useless. A bonus benefit is that it could catch stray pointers in development and QA, rather than have them wait silently in production.

While this technique won't catch every use-after-free attack, I'd argue it would prevent most. It's a good first line of defense that should be in every C/C++ developers toolkit.


Comments

Post a Comment

Popular posts from this blog

MR2 Check Engine

-
Image
Shown here is the 1991 Toyota MR2. Thanks to the mechanical skills of a family enthusiast, it purrs, growls, and turbo whistles like a dream.   My hardware ability doesn't go much further than oil changes. Rather, my expertise is in software, and I wrote an app for Android and iOS to diagnose the flashes of the check engine light. This second generation MR2 predates the OBD2 connector, a standard used to diagnose engine, transmission, and emissions problems quickly and easily. Instead, we have a flashing check engine light which needs some deciphering, followed by a lookup in the service manual. Basically, you count flashes to arrive at fault code number. A short pause (~1.5 seconds) indicates the start of the next digit. A medium pause (~2.5 seconds) indicates start of the next fault code. And a long pause (~4.5 seconds) means the sequence has ended and will repeat. The video below corresponds to the codes 41 and 51. Using the the MR2 Check app and selecting the 3S-GTE engine...
Read more

My Intersection With Artificial Intelligence

-
Image
  The car in front of me misjudged a traffic light and stopped in the crosswalk. Braking early, I left a gap should the driver wish to back up. Then I wondered, would an autonomous vehicle extend the same courtesy? But I'm getting ahead of myself. Before being courteous, autonomous driving has yet to master the rules of road. There are two prevailing approaches: solve for general AI or use geo-fencing.  The former, pursued by Tesla, is harder to achieve but will make autonomous cars capable of driving on almost any road. The latter, used by GM Cruise and Alphabet Waymo, is easier to achieve, but restricts autonomous cars to certain locations. GM Cruise is already accepting fares for its driverless taxi in San Francisco. The service, however, is bound by both time and space, allowed only to run between 10pm and 6am (lighter traffic) and within a 7x7 mile area. Choices and trade-offs such as these are common when planning and building a future. Thirty years ago, Apple introduce...
Read more