[Chicken-announce] [SECURITY] Incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun)
Wed, 8 May 2013 20:18:21 +0200
Hello CHICKEN users,
Recently, we fixed a problem related to the use of POSIX select(),
which was assigned CVE-2012-6122.
for more details on the original bug.
We fixed the scheduler, but there remained other places in CHICKEN where
select() was still in use:
- The R5RS char-ready? procedure when invoked on stream ports or custom
  input ports created by the process procedure from unit posix (in *NIX)
- The tcp-accept-ready? procedure from unit tcp
- The file-select procedure from unit posix
These have now also been rewritten in terms of POSIX poll(), where
available. This is on all supported platforms except Windows.
As before, there is no danger of buffer overrun on Windows, but
there is a situation where threads may never wake up. There is no
known workaround. A solution may be provided soon.
Currently all released versions of CHICKEN have this bug. It has
been fixed in git master, commit 556108092774086b6c86c2e27daf3f740ffec091.
CHICKEN 4.9.0 will also include the bugfix.
The known workaround is still to limit the maximum number of open
descriptors using the Unix "ulimit -n" command, so that it matches the
value of FD_SETSIZE. This value can be checked by compiling the
following one-line program with csc and running the resulting binary:
(print (foreign-value "FD_SETSIZE" int))
The CHICKEN Team
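
The following C sketch is an added example, not part of the original announcement and not CHICKEN's own code. It shows the "ulimit -n" versus FD_SETSIZE check behind the workaround, and a select()-based readiness test with the bounds check next to its poll() equivalent; the function names are hypothetical.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* Workaround check: 1 if the soft RLIMIT_NOFILE ("ulimit -n") does not exceed
   FD_SETSIZE, so no descriptor can index past an fd_set; 0 if it does;
   -1 if the limit cannot be read. */
int nofile_limit_is_safe(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    return rl.rlim_cur != RLIM_INFINITY && rl.rlim_cur <= (rlim_t)FD_SETSIZE;
}

/* select()-based "is fd readable now?". FD_SET() writes bit number fd into a
   fixed-size bitmap, so fd >= FD_SETSIZE must be rejected before it is used. */
int readable_select(int fd) {
    fd_set in;
    struct timeval tv = {0, 0};              /* zero timeout: do not block */
    if (fd < 0 || fd >= FD_SETSIZE) { errno = EBADF; return -1; }
    FD_ZERO(&in);
    FD_SET(fd, &in);
    int n = select(fd + 1, &in, NULL, NULL, &tv);
    return n < 0 ? -1 : (n > 0 && FD_ISSET(fd, &in));
}

/* poll()-based equivalent: the descriptor is passed by value in a struct,
   so there is no bitmap to overrun and any descriptor number is acceptable. */
int readable_poll(int fd) {
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    int n = poll(&p, 1, 0);                  /* zero timeout: do not block */
    if (n < 0) return -1;
    return n > 0 && (p.revents & (POLLIN | POLLHUP)) != 0;
}

int main(void) {
    printf("FD_SETSIZE = %d, descriptor limit safe: %d\n",
           FD_SETSIZE, nofile_limit_is_safe());
    printf("stdin readable: select=%d poll=%d\n",
           readable_select(STDIN_FILENO), readable_poll(STDIN_FILENO));
    return 0;
}
```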
- [Chicken-announce] [SECURITY] Incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun),
Peter Bex <=