I approached this as a graph reachability problem, for which the paper Tainted Flow Analysis on e-SSA-form Programs served as an excellent reference. All the analysis in this article is based on MySQL Cluster 8.0.25 and Binary Ninja.

To get taint analysis working, it is essential to define the taint sources clearly. MySQL Cluster has a message passing architecture, and the interesting taint sources are the messages themselves. This section provides details on message handling and how the message handlers can be identified for analysis.

MySQL NDB Cluster defines its functionality as “blocks” and the messages passed between them as “signals”. The NDB blocks are implemented as C++ classes, and each block registers multiple signal handlers during initialization; the handlers are themselves methods of the class. Most of the vulnerabilities reported were in these message handlers, also known as signal handlers. The “Signal” object that each handler receives contains untrusted data. A signal handler can access that data via signal->getDataPtr() or a few other methods, and it can also pass the “Signal” object on to other functions.
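The reachability idea above, written out as an added example (not code from the original post and not NDB's real code): a constructed def-use graph for a hypothetical handler execFOO that reads signal->getDataPtr() and also passes the signal to a helper, with taint propagated forward from the Signal object and stopped at e-SSA-style renamed copies that sit after a bounds check. All node names, the helper and the sinks are assumptions made for the example.

```python
from collections import deque

# Constructed def-use graph for a hypothetical handler execFOO (not NDB's real code).
# Keys are SSA values written as "function:name"; each maps to the values it flows into.
FLOW = {
    "execFOO:signal":      ["execFOO:data", "helper:signal"],  # Signal passed on to helper
    "execFOO:data":        ["execFOO:len"],                    # data = signal->getDataPtr()
    "execFOO:len":         ["execFOO:len_checked"],            # if (len > MAX) return;
    "execFOO:len_checked": ["execFOO:memcpy.size"],           # e-SSA copy live after the check
    "helper:signal":       ["helper:idx"],                     # idx = signal->getDataPtr()[1]
    "helper:idx":          ["helper:table[idx]"],              # index used with no check
    "execFOO:blockstate":  ["execFOO:blockref"],               # block-local state, not from the wire
}
SOURCES = {"execFOO:signal"}            # every Signal a handler receives is untrusted
SANITIZED = {"execFOO:len_checked"}     # renamed definition that exists only past a bounds check
SINKS = {"execFOO:memcpy.size", "helper:table[idx]", "execFOO:blockref"}

def tainted_sinks(flow, sources, sinks, sanitized):
    """Forward reachability from taint sources to sinks over data-flow edges.

    Returns {sink: path} for every sink reachable without crossing a sanitized
    definition; a sanitized definition is where the checked copy begins, so the
    search does not continue through it.
    """
    parent = {src: None for src in sources}
    queue = deque(sources)
    while queue:
        node = queue.popleft()
        for succ in flow.get(node, []):
            if succ in parent or succ in sanitized:
                continue
            parent[succ] = node
            queue.append(succ)
    result = {}
    for sink in sinks:
        if sink in parent:
            path, cur = [], sink
            while cur is not None:          # walk parents back to the source
                path.append(cur)
                cur = parent[cur]
            result[sink] = path[::-1]
    return result

if __name__ == "__main__":
    for sink, path in tainted_sinks(FLOW, SOURCES, SINKS, SANITIZED).items():
        print(f"{sink}: {' -> '.join(path)}")
```

Run as-is it reports only helper:table[idx], because the memcpy size flows through the checked copy and blockref never derives from the signal; clearing SANITIZED shows memcpy.size as tainted too, which is the difference the e-SSA renaming buys.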