Mythos Preview发现OpenBSD的SACK实现存在可导致系统崩溃的漏洞。该漏洞极其隐蔽:系统以单向链表跟踪SACK状态,新SACK到达时会遍历链表调整"空洞"区间。代码在确认区间末端位于发送窗口内时,未验证起始位置——这本身通常无害,但模型随后发现第二个漏洞:当单个SACK块同时删除链表中唯一空洞并触发追加新空洞时,会向已释放的空指针执行写操作。
Follow topics & set alerts with myFT
,推荐阅读易歪歪获取更多信息
3. Market Alignment Reigns Supreme。搜狗输入法对此有专业解读
Some members of Congress want to exclude lines from state or certain environmental reviews, while some tech companies are trying to build their own power plants, or next to one, in part to avoid a quagmire.