funsec mailing list archives
Offset-to-NULL Vulnerability?
From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 15 Oct 2012 23:47:35 -0400
Hi All,

I was reading iOS 6 Kernel Security: A Hacker's Guide, http://media.caballe.cat/2012/10/iOS6_Security.pdf. What is the "Offset-to-NULL" vulnerability (page 41)? I've never heard the term before.

I can think of two items. First, a struct member is dereferenced so the resulting addition wraps to NULL (implying a [very high] bogus address is passed in for the struct pointer). Second is anything in the first 64KB of memory, so a dereference lands in the NULL page (or whatever size of __PAGE_ZERO).

Jeff
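Both readings in the question above come down to the same arithmetic: base pointer plus field offset resolving into the unmapped low page. The following C snippet is an added illustration (not from the post or the cited guide) that checks that condition before a dereference; `PAGE_ZERO_SIZE`, `struct big_obj` and the function names are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Assumed size of the unmapped low page (the post mentions 64KB / __PAGE_ZERO). */
#define PAGE_ZERO_SIZE ((uintptr_t)0x10000)

/* Hypothetical kernel object whose interesting field sits at a large offset. */
struct big_obj {
    char pad[0x2000];
    int flag;            /* offsetof(struct big_obj, flag) == 0x2000 */
};

/* True when base+offset resolves to an address inside the low page. This covers
 * both cases from the post: a base that is already in the low page (e.g. NULL),
 * and a very high base whose addition wraps around to the low page. Unsigned
 * wraparound is well-defined, so the sum is computed on uintptr_t, not a pointer. */
bool lands_in_null_page(uintptr_t base, size_t offset) {
    uintptr_t target = base + offset;
    return target < PAGE_ZERO_SIZE;
}

/* Defensive read: refuse the dereference instead of faulting or reading page zero.
 * Returns 0 on success, -1 when the object pointer is rejected. */
int safe_read_flag(const struct big_obj *obj, int *out) {
    if (lands_in_null_page((uintptr_t)obj, offsetof(struct big_obj, flag)))
        return -1;
    *out = obj->flag;
    return 0;
}

/* Sanity path with a constructed, properly mapped object; returns its flag. */
int read_flag_of_valid_object(void) {
    static struct big_obj obj;   /* constructed sample object, lives in .bss */
    int value = -1;
    obj.flag = 7;
    if (safe_read_flag(&obj, &value) != 0)
        return -1;
    return value;
}
```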