Hi all,

A buffer overflow error was found in the POSIX unit's procedures process-execute and process-spawn (bug #1308). The code allocated a buffer of size ARG_MAX for the argument array, and ENV_MAX for the environment array, then copied the strings from the input lists into that buffer *without* checking the length of the lists.

On modern Linuxen, ARG_MAX and ENV_MAX are both undefined, which exacerbated the problem: CHICKEN would fall back to 256 for ARG_MAX and 1024 for ENV_MAX when these were undefined.

Additionally, a memory leak existed in this code, which would be triggered when an error is raised during argument and environment processing (e.g., if one of the arguments wasn't a string).

A simple workaround is to check the argument/environment list lengths (and optionally the types) yourself before invoking either procedure. You can also override the old procedure to a safe version using set!, which should automatically apply to every invocation of this procedure.

A fix has been implemented in master d866ac1 and chicken-5 c598381. The patch for master can be found at http://lists.nongnu.org/archive/html/chicken-hackers/2016-07/msg00049.html

Thanks to Vasilij Schneidermann for reporting this bug, and to Christian Kellermann for providing an initial patch.

Regards,
The CHICKEN Team
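The set! workaround described above, sketched as an added example (not code from the CHICKEN project or from the patch). It assumes CHICKEN 4, where the POSIX unit is loaded with (use posix) and both lists are lists of strings; the names check-string-list, max-arguments and max-environment and the two limits are hypothetical, picked as a margin below the fallback sizes quoted in the advisory. Only process-execute is wrapped here.

```scheme
;; Added example, not CHICKEN's own code. Assumes CHICKEN 4.
(use posix)

;; Assumed safety margins, chosen below the fallback buffer sizes named in
;; the advisory (256 for ARG_MAX, 1024 for ENV_MAX). Hypothetical names.
(define max-arguments 250)
(define max-environment 1000)

;; Walk LST at most LIMIT elements deep and signal an error on an improper
;; list, a non-string element, or too many elements. Because the walk stops
;; at LIMIT, a circular list is rejected instead of looping forever.
(define (check-string-list who what lst limit)
  (let loop ((rest lst) (n 0))
    (cond ((null? rest) lst)
          ((not (pair? rest))
           (error who (string-append what " is not a proper list") lst))
          ((>= n limit)
           (error who (string-append what " has too many elements") limit))
          ((not (string? (car rest)))
           (error who (string-append what " contains a non-string") (car rest)))
          (else (loop (cdr rest) (+ n 1))))))

;; Replace the global binding so that every later call is checked before
;; the unpatched procedure sees its arguments.
(let ((unchecked process-execute))
  (set! process-execute
    (lambda (path . opts)
      (when (pair? opts)
        (check-string-list 'process-execute "argument list"
                           (car opts) max-arguments)
        ;; The environment list is optional and may be passed as #f.
        (when (and (pair? (cdr opts)) (cadr opts))
          (check-string-list 'process-execute "environment list"
                             (cadr opts) max-environment)))
      (apply unchecked path opts))))
```

Because the type check runs before the original procedure is entered, a non-string element is rejected without reaching the error path that leaked memory.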
Chicken-users mailing list
https://lists.nongnu.org/mailman/listinfo/chicken-users
