Quotes of the week - Kees Cook
Posted Oct 4, 2012 20:30 UTC (Thu) by jnareb
Parent article: Quotes of the week
It's not a very advanced regular expression, but I still find this a bit alarming in the Linux kernel:
$ git log --no-merges v3.5..v3.6 | \
egrep -i '(integer|counter|buffer|stack|fix) (over|under)flow' | \
How many were security relevant? How many got CVEs?
As Junio C Hamano wrote on his blog (in response to said G+ post), there are only 23 such commits (in which commits there are 31 occurrences, in some commits more than one).
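The gap between 31 occurrences and 23 commits comes from counting matching lines rather than commits. The following is an added example, not part of the original comment or of Junio C Hamano's post: an sh function (the names `count_overflow_mentions` and `sample_log` are hypothetical) that reads `git log` output and reports both figures, run here on constructed sample history.

```shell
#!/bin/sh
# Reads default-format `git log` text on stdin.
# Prints "<distinct commits with a match> <matching lines>".
count_overflow_mentions() {
    awk '
        # Commit headers start at column 0; git indents message lines.
        /^commit [0-9a-f]+/ { current = $2; next }
        {
            line = tolower($0)   # same effect as egrep -i
            if (line ~ /(integer|counter|buffer|stack|fix) (over|under)flow/) {
                lines++
                # Count each commit once, however many lines match in it.
                if (!(current in seen)) { seen[current] = 1; commits++ }
            }
        }
        END { printf "%d %d\n", commits, lines }
    '
}

# Constructed sample input (not real kernel history).
sample_log() {
cat <<'EOF'
commit 1111111111111111111111111111111111111111
Author: A Developer <a@example.org>
Date:   Mon Sep 3 10:00:00 2012 +0000

    net: fix overflow in length check

    A crafted length could cause an integer overflow, then a
    buffer overflow in the copy below.

commit 2222222222222222222222222222222222222222
Author: B Developer <b@example.org>
Date:   Tue Sep 4 11:00:00 2012 +0000

    fs: avoid Stack Overflow in recursive lookup

commit 3333333333333333333333333333333333333333
Author: C Developer <c@example.org>
Date:   Wed Sep 5 12:00:00 2012 +0000

    docs: update overflow notes
EOF
}

# On a real tree: git log --no-merges v3.5..v3.6 | count_overflow_mentions
sample_log | count_overflow_mentions
```

Either number is a keyword count, so it still says nothing about which of the matching commits were security relevant.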