Don't like this style? Click here to change it! blue.css
Here are the SECURE SOFTWARE DESIGN flaws to avoid for heap work:
These came from a great heap exploitation post: https://0x434b.dev/overview-of-glibc-heap-exploitation-techniques/
Alright I'm attempting to make tcache-poisoning our mother tongue.
We've done a complete exploit in 2.31.
So now, what other things do I need to know? What other issues arise?
First of all, glibc 2.34+ will be a mystery to us for a little bit still (FSOP is coming)
For now let's just do one change:
To do this we want to, very carefully, create a FAKE CHUNK by editing the meta-data of a chunk and making it seem larger than it is.
That's one new concept today, if you're not careful you'll corrupt the chunk. If you do it right you'll get your leak from the unsorted bin.
Take a look carefully at the source code, particularly the edit routine.
There is an overflow! We can write a little bit more than we should be able to.
That's a new heap flaw for us that is in the top 3 for unlocking heap exploits.
For reference, here's yesterday's exploit part: