diff options
author | Miod Vallat <miod@cvs.openbsd.org> | 2014-04-22 21:52:22 +0000 |
---|---|---|
committer | Miod Vallat <miod@cvs.openbsd.org> | 2014-04-22 21:52:22 +0000 |
commit | ad63877b539cf31a63442eec6bac4f2732e403b8 (patch) | |
tree | c2c2c12cf6495cca89f6a6c37715be9cc35fcf9a /usr.bin/rcs/diff.h | |
parent | f543ee8ad141bff0415726832d84ea7de9f82d11 (diff) |
So it turns out that libcrypto on i386 platforms, unconditionaly compiles this
little gem called OPENSSL_indirect_call(), supposedly to be ``handy under
Win32''.
In my view, this is a free-win ROP entry point. Why try and return to libc
when you can return to libcrypto with an easy to use interface?
Better not give that much attack surface, and remove this undocumented
entry point.
ok beck@ tedu@
Diffstat (limited to 'usr.bin/rcs/diff.h')
0 files changed, 0 insertions, 0 deletions