Kangjie Lu

icon company UMN icon location More projects: https://github.com/umnsec

Results 3 comments of Kangjie Lu

Definition of findLackingChecks?

You can ignore this function. The functionality is realized with other functions.

Attacker can corrupt code locator to target another function deterministically

This "data-only" attack is indeed cool. The assumption here is that the normal developer obtains the "displacement" of the member virtual function and saves it in unsafe memory. Attackers can...

Attacker can corrupt code locator to target another function deterministically

If the displacement is dereferenced through vtable, then randomizing entries in vtables would help mitigate such attacks. Anyway, this attack sounds very interesting, especially when targeting non-virtual members. I would...