
[Chicken-announce] [SECURITY] Buffer overrun in process-execute and proc

From: Peter Bex
Subject: [Chicken-announce] [SECURITY] Buffer overrun in process-execute and process-spawn
Date: Fri, 12 Aug 2016 08:54:19 +0200
User-agent: Mutt/1.5.23 (2014-03-12)

Hi all,

A buffer overflow error was found in the POSIX unit's procedures
process-execute and process-spawn (bug #1308).  The code allocated a
buffer of size ARG_MAX for the argument array, and ENV_MAX for the
environment array, then copied the strings from the input lists
into that buffer *without* checking the length of the lists.

On modern Linuxen, ARG_MAX and ENV_MAX are both undefined, which
exacerbated the problem: CHICKEN would fall back to 256 for ARG_MAX
and 1024 for ENV_MAX when these were undefined.

Additionally, a memory leak existed in this code, which would be
triggered when an error is raised during argument and environment
processing (e.g., if one of the arguments wasn't a string).

A simple workaround is to check the argument/environment list
lengths (and optionally the types) yourself before invoking
either procedure.  You can also override the old procedure to a
safe version using set!, which should automatically apply to
every invocation of this procedure.

A fix has been implemented in master d866ac1 and chicken-5 c598381.
The patch for master can be found at

Thanks to Vasilij Schneidermann for reporting this bug, and to Christian
Kellermann for providing an initial patch.


Attachment: signature.asc
Description: Digital signature
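
The two defects the advisory describes, seen from the fixed side, as an added example that is not part of the original message and is not CHICKEN's runtime code or the actual patch: the vector is sized from the list itself instead of a fixed ARG_MAX/ENV_MAX buffer, and an error partway through releases what was already copied. The names `build_vector`, `free_vector` and `demo` are hypothetical, and a NULL item stands in for a non-string list element.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define FALLBACK_ARG_MAX 256 /* fallback the advisory cites for an undefined ARG_MAX */

/* Release a vector from build_vector(), including a partially filled one. */
void free_vector(char **vec, size_t used)
{
    if (vec == NULL) return;
    for (size_t i = 0; i < used; i++) free(vec[i]);
    free(vec);
}

/* Copy `count` strings into a new NULL-terminated vector sized from the
 * list itself. A NULL item stands in for a non-string list element.
 * Returns NULL on error after freeing everything allocated so far. */
char **build_vector(const char *const *items, size_t count)
{
    if (count == SIZE_MAX) return NULL;          /* count + 1 would wrap */
    char **vec = calloc(count + 1, sizeof *vec); /* last slot stays NULL */
    if (vec == NULL) return NULL;
    for (size_t i = 0; i < count; i++) {
        size_t n = items[i] ? strlen(items[i]) + 1 : 0;
        vec[i] = n ? malloc(n) : NULL;
        if (vec[i] == NULL) { free_vector(vec, i); return NULL; }
        memcpy(vec[i], items[i], n);
    }
    return vec;
}

/* Constructed input: `count` copies of "arg", with a bad element at
 * `bad_index` (pass `count` for none). Returns entries built, or -1. */
long demo(size_t count, size_t bad_index)
{
    const char **items = calloc(count ? count : 1, sizeof *items);
    if (items == NULL) return -1;
    for (size_t i = 0; i < count; i++) items[i] = (i == bad_index) ? NULL : "arg";
    char **vec = build_vector(items, count);
    free(items);
    if (vec == NULL) return -1;
    long n = 0;
    while (vec[n] != NULL) n++;
    free_vector(vec, (size_t)n);
    return n;
}

/* Exit status 0 when a list one longer than the old fallback is handled. */
int main(void) { return demo(FALLBACK_ARG_MAX + 1, FALLBACK_ARG_MAX + 1) == FALLBACK_ARG_MAX + 1 ? 0 : 1; }
```

Building this with `-fsanitize=address` confirms that the rejected-input path leaves no allocation behind.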
