Re: Confusion Flaw?

[Jeffrey Walton <noloader () gmail com>]

On Tue, Jan 24, 2012 at 6:19 PM,  <Valdis.Kletnieks () vt edu> wrote:
> On Tue, 24 Jan 2012 18:04:13 EST, Jeffrey Walton said:
> > From USN-1263-2 (http://www.ubuntu.com/usn/usn-1263-2/):
> >
> >     It was discovered that a type confusion flaw existed in the in
> >     the Internet Inter-Orb Protocol (IIOP) deserialization code. A
> >     remote attacker could use this to cause an untrusted application
> >     or applet to execute arbitrary code by deserializing malicious
> >     input. (CVE-2011-3521)
> >
> > I give - what is a confusion flaw?
>
> 'type confusion' - where a programmer forgot what type a variable had. Was that
> a signed int or an unsigned int?  32-bit or 64-bit? A pointer to a string, or a
> pointer to a struct?
Gotcha.

Perhaps he was following Linus' lead: when static analysis warned the
kernel's sys_prctl was comparing an unsigned value against less than
zero, Jesper Juhl offered a patch to clean up the code. Linus Torvalds
decried “No, we don't do this... GCC is crap”.
See Re: [PATCH] Don't compare unsigned variable for <0 in sys_prctl()
[http://linux.derkeiler.com/Mail-
ing-Lists/Kernel/2006-11/msg08325.html].

Jeff
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.