This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/18240] hcreate, hcreate_r should fail with ENOMEM if element count is too large (CVE-2015-8778)

From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Sat, 30 Jan 2016 10:45:30 +0000
Subject: [Bug libc/18240] hcreate, hcreate_r should fail with ENOMEM if element count is too large (CVE-2015-8778)
Auto-submitted: auto-generated
References: <bug-18240-131 at http dot sourceware dot org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=18240

--- Comment #11 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.22/master has been updated
       via  287de30e170cb765ed326d23d22791a81aab6e0f (commit)
       via  43f189b0032fbce67fc0c0f4e122e917cd232670 (commit)
      from  a73a62562a198072ab417e28d4c0315a78c49cfe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=287de30e170cb765ed326d23d22791a81aab6e0f

commit 287de30e170cb765ed326d23d22791a81aab6e0f
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Jan 28 13:59:11 2016 +0100

    Improve check against integer wraparound in hcreate_r [BZ #18240]

    (cherry picked from commit bae7c7c764413b23e61cb099ce33be4c4ee259bb)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=43f189b0032fbce67fc0c0f4e122e917cd232670

commit 43f189b0032fbce67fc0c0f4e122e917cd232670
Author: OndÅej BÃlka <neleai@seznam.cz>
Date:   Sat Jul 11 17:44:10 2015 +0200

    Handle overflow in __hcreate_r

    Hi,

    As in bugzilla entry there is overflow in hsearch when looking for prime
    number as SIZE_MAX - 1 is divisible by 5. We fix that by rejecting large
    inputs before looking for prime.

        * misc/hsearch_r.c (__hcreate_r): Handle overflow.

    (cherry picked from commit 2f5c1750558fe64bac361f52d6827ab1bcfe52bc)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog        |   17 ++++++++++++
 NEWS             |    4 +-
 misc/Makefile    |    2 +-
 misc/bug18240.c  |   75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 misc/hsearch_r.c |   30 +++++++++++++--------
 5 files changed, 113 insertions(+), 15 deletions(-)
 create mode 100644 misc/bug18240.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]