Deutsch English Français Italiano |
<utfmd6$1nv2m$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> Newsgroups: comp.lang.c Subject: Re: A Famous Security Bug Date: Wed, 20 Mar 2024 15:02:14 -0700 Organization: A noiseless patient Spider Lines: 17 Message-ID: <utfmd6$1nv2m$1@dont-email.me> References: <bug-20240320191736@ram.dialup.fu-berlin.de> <utfdte$1lou1$1@dont-email.me> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Date: Wed, 20 Mar 2024 22:02:15 -0000 (UTC) Injection-Info: dont-email.me; posting-host="52d051050d0f5afbf153f83776a931b4"; logging-data="1834070"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1//f9aoXbx7j9Ej1hA9m0mkL7UxD9GVZ+U=" User-Agent: Mozilla Thunderbird Cancel-Lock: sha1:m6O4HlE4Qe44SaAMcu/Jk/iYOlQ= Content-Language: en-US In-Reply-To: <utfdte$1lou1$1@dont-email.me> Bytes: 1515 On 3/20/2024 12:37 PM, Chris M. Thomasson wrote: > On 3/20/2024 11:18 AM, Stefan Ram wrote: >> A "famous security bug": >> >> void f( void ) >> { char buffer[ MAX ]; >> /* . . . */ >> memset( buffer, 0, sizeof( buffer )); } >> >> . Can you see what the bug is? >> >> (I have already read the answer; I post it as a pastime.) > > Add in a volatile? ;^) Instead of zeroing, what about filling it with random bytes reaped from a TRNG?