[tz] ALL_STATE not "all" enough

todd tglassey at certichron.com
Thu Jun 19 12:51:36 UTC 2014

did the NSA fix this in their secured "droid" port?


On 6/18/2014 8:00 PM, enh wrote:
> thanks. i've switched Android over to your more complete fix.
> On Sat, Jun 14, 2014 at 11:45 PM, Paul Eggert <eggert at cs.ucla.edu> wrote:
>> enh wrote:
>>> we'll fix this in Android (the first hunk in
>>> https://android-review.googlesource.com/#/c/94653/) but it would be nice
>>> if
>>> this were fixed upstream too so we don't have to diverge more than we
>>> already have.
>> Thanks for mentioning this.  I installed the attached patch into the
>> experimental repository on github.  This should fix the problem you
>> mentioned, along with a couple of other problems of the same ilk.  This
>> patch tries to things a bit so more-efficiently than what Android does, by
>> calling malloc at most once per function.
>> This patch assumes the buffer-overrun patch that I recently posted to the
>> list.

More information about the tz mailing list