[Chicken-users] [SECURITY] Buffer overrun in process-execute and process-spawn
Fri, 12 Aug 2016 08:54:19 +0200
A buffer overflow error was found in the POSIX unit's procedures
process-execute and process-spawn (bug #1308). The code allocated a
buffer of size ARG_MAX for the argument array, and ENV_MAX for the
environment array, then copied the strings from the input lists
into that buffer *without* checking the length of the lists.

On modern Linuxen, ARG_MAX and ENV_MAX are both undefined, which
exacerbated the problem: CHICKEN would fall back to 256 for ARG_MAX
and 1024 for ENV_MAX when these were undefined.

Additionally, a memory leak existed in this code, which would be
triggered when an error is raised during argument and environment
processing (e.g., if one of the arguments wasn't a string).

A simple workaround is to check the argument/environment list
lengths (and optionally the types) yourself before invoking
either procedure. You can also override the old procedure to a
safe version using set!, which should automatically apply to
every invocation of this procedure.

A fix has been implemented in master d866ac1 and chicken-5 c598381.
The patch for master can be found at

Thanks to Vasilij Schneidermann for reporting this bug, and to Christian
Kellermann for providing an initial patch.

The CHICKEN Team
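
The workaround described in the advisory, written out as an added example (not the CHICKEN Team's patch and not code from the original message). It assumes CHICKEN 4 at top level, with the environment given as a list of strings; the helper names and the two limit values are hypothetical, chosen to stay below the fallback sizes the advisory names.

```scheme
;; Added example: checked replacement for process-execute (CHICKEN 4).
(use posix)

;; Assumed limits: below the fallback sizes named in the advisory
;; (256 for ARG_MAX, 1024 for ENV_MAX), leaving margin for the
;; program name and the terminating entry of each array.
(define max-exec-args 250)
(define max-exec-env 1000)

;; Hypothetical helper: reject anything that is not a proper list of
;; strings with at most LIMIT elements. Checking the types here also
;; keeps the unpatched procedure from raising an error halfway through
;; argument processing, which is the path that leaked memory.
(define (check-exec-list loc what lst limit)
  (unless (list? lst)
    (error loc (string-append what " list must be a proper list") lst))
  (when (> (length lst) limit)
    (error loc (string-append what " list is too long") (length lst) limit))
  (for-each
   (lambda (x)
     (unless (string? x)
       (error loc (string-append what " list contains a non-string") x)))
   lst))

;; Wrap the original binding so every call is validated first.
(define (make-checked-process-execute original)
  (lambda (filename #!optional (arglist '()) envlist)
    (unless (string? filename)
      (error 'process-execute "filename must be a string" filename))
    (check-exec-list 'process-execute "argument" arglist max-exec-args)
    (when envlist
      (check-exec-list 'process-execute "environment" envlist max-exec-env))
    (if envlist
        (original filename arglist envlist)
        (original filename arglist))))

;; Override the old procedure with set!, as the advisory suggests, so
;; later calls through this binding go through the checks.
(set! process-execute (make-checked-process-execute process-execute))
```

process-spawn needs the same checks on its argument and environment lists.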
- [Chicken-users] [SECURITY] Buffer overrun in process-execute and process-spawn,
Peter Bex <=