[Chicken-announce] [SECURITY] Potential denial of service due to segfault in "length" on improper lists
Wed, 31 May 2017 08:48:20 +0200
We just fixed a potential security issue in the standard Scheme length
procedure. When length is called on an improper list, the underlying
C function C_i_list incorrectly checks the head of the _input_ list
for being a pair rather than the head of the part currently being

This causes the code to (unsafely) take the cdr of a non-pair, which
causes a segmentation fault. This means that a program that (read)s user
input and calls length on it is susceptible to a denial of service, as
an attacker can induce a crash at will.

This issue has been fixed in master by commit 075e58335f and in the
chicken-5 branch by commit a8b114660. The patch can be found here:

A simple workaround would be to first call list? on the object before
handing it over to length.

Many thanks to megane for finding and reporting this bug.

The CHICKEN Team
- [Chicken-announce] [SECURITY] Potential denial of service due to segfault in "length" on improper lists,
Peter Bex <=
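
The class of bug described in the announcement, shown as an added example that is not part of the original message and is not CHICKEN's runtime source: a simplified C model in which the flawed loop re-checks the original argument instead of the cursor, next to a corrected loop and a `list?`-style pre-check. The `obj` type, the `LEN_*` codes and all function names are hypothetical, and the flawed version returns `LEN_WOULD_CRASH` at the point where real code would take the cdr of a non-pair.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy tagged object: the empty list, a pair, or an atom such as a fixnum. */
typedef enum { T_NIL, T_PAIR, T_ATOM } tag_t;
typedef struct obj { tag_t tag; struct obj *car, *cdr; } obj;
static obj NIL_OBJ = { T_NIL, NULL, NULL };

enum { LEN_TYPE_ERROR = -1,    /* clean "not a proper list" error */
       LEN_WOULD_CRASH = -2 }; /* model only: cdr of a non-pair would be taken */

/* Flawed loop: every iteration validates the ORIGINAL argument, not the cursor. */
long length_flawed(const obj *lst) {
    const obj *cur = lst; long n = 0;
    while (cur->tag != T_NIL) {
        if (lst->tag != T_PAIR) return LEN_TYPE_ERROR;   /* wrong object checked */
        if (cur->tag != T_PAIR) return LEN_WOULD_CRASH;  /* real code dereferences here */
        cur = cur->cdr; n++;
    }
    return n;
}

/* Corrected loop: the pair check follows the part currently being walked. */
long length_checked(const obj *lst) {
    long n = 0;
    for (const obj *cur = lst; cur->tag != T_NIL; cur = cur->cdr, n++)
        if (cur->tag != T_PAIR) return LEN_TYPE_ERROR;
    return n;
}

/* Workaround shape: a list?-style predicate that also terminates on cycles. */
int is_proper_list(const obj *o) {
    const obj *slow = o;
    while (o->tag == T_PAIR) {
        o = o->cdr;
        if (o->tag != T_PAIR) break;
        o = o->cdr; slow = slow->cdr;
        if (o == slow) return 0;          /* circular structure */
    }
    return o->tag == T_NIL;
}

int main(void) {
    obj one = { T_ATOM, NULL, NULL }, two = { T_ATOM, NULL, NULL };
    obj improper = { T_PAIR, &one, &two };   /* constructed sample: (1 . 2) */
    printf("flawed=%ld checked=%ld list?=%d\n", length_flawed(&improper),
           length_checked(&improper), is_proper_list(&improper));
    return 0;
}
```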