Use-After-Free Exploit Again?!?
It's an all too common attack. Hackers break C code by finding a way to re-use a freed pointer. A recent exploit was serious enough for Google to issue an emergency Chrome update.
For a business perspective, read the Forbes article.
For a technical look, watch the youtube video from Low Level.
This is an old problem with an old, and apparently forgotten, solution.
I've written about before: Pointers Don't Create Memory Bugs, Programmers Do.Just set your pointer to NULL after freeing it:
free (ptr);
ptr = NULL;
ptr = NULL;
It's a simple measure, and can be made even simpler with a macro:
#define FREE(ptr) (free(ptr), ptr = NULL)
Thus, any subsequent use of the NULL pointer will trigger a segment fault (crash) and make any exploit useless. A bonus benefit is that it could catch stray pointers in development and QA, rather than have them wait silently in production.
While this technique won't catch every use-after-free attack, I'd argue it would prevent most. It's a good first line of defense that should be in every C/C++ developers toolkit.

Comments