chicken-announce
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Chicken-announce] [SECURITY] Potential denial of service due to segfaul


From: Peter Bex
Subject: [Chicken-announce] [SECURITY] Potential denial of service due to segfault in "length" on improper lists
Date: Wed, 31 May 2017 08:48:20 +0200
User-agent: Mutt/1.5.23 (2014-03-12)

Hi all,

We just fixed a potential security issue in the standard Scheme length
procedure.  When length is called on an improper list, the underlying
C function C_i_list incorrectly checks the head of the _input_ list
for being a pair rather than the head of the part currently being
traversed.

This causes the code to (unsafely) take the cdr of a non-pair, which
causes a segmentation fault.  This means that a program that (read)s user
input and calls length on it is susceptible to a denial of service, as
an attacker can induce a crash at will.

This issue has been fixed in master by commit 075e58335f and in the
chicken-5 branch by commit a8b114660.  The patch can be found here:
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html

A simple workaround would be to first call list? on the object before
handing it over to length.

Many thanks to megane for finding and reporting this bug.

Regards,
The CHICKEN Team

Attachment: signature.asc
Description: Digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]