summaryrefslogtreecommitdiff
path: root/libc/stdlib/malloc-standard/free.c
AgeCommit message (Collapse)Author
2020-02-16Add Safe-Linking to fastbinsEyal Itkin
Safe-Linking is a security mechanism that protects single-linked lists (such as the fastbins) from being tampered by attackers. The mechanism makes use of randomness from ASLR (mmap_base), and when combined with chunk alignment integrity checks, it protects the pointers from being hijacked by an attacker. While Safe-Unlinking protects double-linked lists (such as the small bins), there wasn't any similar protection for attacks against single-linked lists. This solution protects against 3 common attacks: * Partial pointer override: modifies the lower bytes (Little Endian) * Full pointer override: hijacks the pointer to an attacker's location * Unaligned chunks: pointing the list to an unaligned address The design assumes an attacker doesn't know where the heap is located, and uses the ASLR randomness to "sign" the single-linked pointers. We mark the pointer as P and the location in which it is stored as L, and the calculation will be: * PROTECT(P) := (L >> PAGE_SHIFT) XOR (P) * *L = PROTECT(P) This way, the random bits from the address L (which start at the bits in the PAGE_SHIFT position), will be merged with the LSB of the stored protected pointer. This protection layer prevents an attacker from modifying the pointer into a controlled value. An additional check that the chunks are MALLOC_ALIGNed adds an important layer: * Attackers can't point to illegal (unaligned) memory addresses * Attackers must guess correctly the alignment bits On standard 32 bit Linux machines, an attacker will directly fail 7 out of 8 times, and on 64 bit machines it will fail 15 out of 16 times. The proposed solution adds 3-4 asm instructions per malloc()/free() and therefore has only minor performance implications if it has any. A similar protection was added to Chromium's version of TCMalloc in 2013, and according to their documentation the performance overhead was less than 2%. Signed-off-by: Eyal Itkin <eyalit@checkpoint.com>
2018-01-31malloc: add glibc compat symbolsWaldemar Brodkorb
2015-03-18malloc-standard: Add locking to malloc_trimBernhard Reutner-Fischer
Closes bugzilla #4586 Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
2009-09-18trim Experimentally off and uncommented hiddenBernhard Reutner-Fischer
sed -i -e '/Experimentally off - /d' $(grep -rl "Experimentally off - " *) sed -i -e '/^\/\*[[:space:]]*libc_hidden_proto(/d' $(grep -rl "libc_hidden_proto" *) should be a nop Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
2008-11-20Last portion of libc_hidden_proto removal.Denis Vlasenko
Appears to build fine (several .configs tried)
2006-12-07Major cleanup of internal mutex locking. Be more consistant in how we doEric Andersen
things, and avoid potential deadlocks caused when a thread holding a uClibc internal lock get canceled and terminates without releasing the lock. This change also provides a single place, bits/uClibc_mutex.h, for thread libraries to modify to change all instances of internal locking.
2006-02-09just drop all of the debug codeMike Frysinger
2006-02-08Bernhard Fischer says: get rid of local ret variableMike Frysinger
2006-01-14hidden_def/hidden_proto: convert all users (I hope) termios split, add some ↵Peter S. Mazinger
missing headers, other jump relocs removed
2005-12-13__malloc_consolidate is only libc internal, enable use of __sbrkPeter S. Mazinger
2005-12-04More hiding, 300 leftPeter S. Mazinger
2005-01-19Avoid compiler warnings.Peter Kjellerstedt
2004-11-08Some requested additional malloc entry pointsEric Andersen
2003-12-30Rework malloc. The new default implementation is based on dlmalloc from DougEric Andersen
Lea. It is about 2x faster than the old malloc-930716, and behave itself much better -- it will properly release memory back to the system, and it uses a combination of brk() for small allocations and mmap() for larger allocations. -Erik