FreeSentry

FreeSentry is an LLVM plugin that makes exploitation of use-after-free vulnerabilities more difficult.

Such vulnerabilities can lead to remote code execution when exploited. These vulnerabilities are difficult to spot during code reviews because of the complexity of dynamic memory operations, where the free can occur thousands of lines from the actual re-use. Many of these vulnerabilities may not cause any runtime errors during regular operation unless specific conditions are met, making them hard to detect through automated testing.

The mitigation is accomplished by dynamically tracking memory. When a memory location is freed, all pointers to that location are invalidated. If a use-after-free occurs within a program, the program will attempt to use one of the invalidated pointers and will crash, thus preventing an attacker from exploiting the vulnerability. Since any attempted use of the pointer will result in a crash, it can also be used to detect the existence of use-after-free vulnerabilities more easily when using fuzzing techniques against the software.

This technique has also found new vulnerabilities, particularly in a popular performance benchmark that was missed by similar mitigations. A paper describing the mitigation was published at NDSS.: FreeSentry: Protecting Against Use-After-Free-Vulnerabilities Due to Dangling Pointers.

*Note - This tool is not officially supported and the user assumes all liability for the use of this tool.