Branch: refs/heads/oss-fuzz-5363002606419968
Home: https://github.com/openssl/openssl
Commit: 40b02c39a53f3002bfeb146a6ab38d9385acc479
https://github.com/openssl/openssl/commit/40b02c39a53f3002bfeb146a6ab38d9385acc479
Author: Neil Horman <nhor...@openssl.org>
Date: 2024-07-12 (Fri, 12 Jul 2024)
Changed paths:
M crypto/property/property.c
Log Message:
-----------
Set down_load factor on hash table when culling items in doall
oss-fuzz noted this issue:
https://oss-fuzz.com/testcase-detail/5363002606419968
Which reports a heap buffer overflow during ossl_method_cache_flush_some
Its occuring because we delete items from the hash table while inside
its doall iterator
The iterator in lhash.c does a reverse traversal of all buckets in the
hash table, and at some point a removal during an iteration leads to the
hash table shrinking, by calling contract. When that happens, the
bucket index becomes no longer valid, and if the index we are on is
large, it exceeds the length of the list, leading to an out of band
reference, and the heap buffer overflow report.
Fix it by preventing contractions from happening during the iteration,
but setting the down_load factor to 0, and restoring it to its initial
value after the iteration is done
To unsubscribe from these emails, change your notification settings at
https://github.com/openssl/openssl/settings/notifications
