This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/18240] hcreate, hcreate_r should fail with ENOMEM if element count is too large (CVE-2015-8778)
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sat, 30 Jan 2016 10:45:30 +0000
- Subject: [Bug libc/18240] hcreate, hcreate_r should fail with ENOMEM if element count is too large (CVE-2015-8778)
- Auto-submitted: auto-generated
- References: <bug-18240-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=18240
--- Comment #11 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, release/2.22/master has been updated
via 287de30e170cb765ed326d23d22791a81aab6e0f (commit)
via 43f189b0032fbce67fc0c0f4e122e917cd232670 (commit)
from a73a62562a198072ab417e28d4c0315a78c49cfe (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=287de30e170cb765ed326d23d22791a81aab6e0f
commit 287de30e170cb765ed326d23d22791a81aab6e0f
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Jan 28 13:59:11 2016 +0100
Improve check against integer wraparound in hcreate_r [BZ #18240]
(cherry picked from commit bae7c7c764413b23e61cb099ce33be4c4ee259bb)
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=43f189b0032fbce67fc0c0f4e122e917cd232670
commit 43f189b0032fbce67fc0c0f4e122e917cd232670
Author: Ondřej Bílka <neleai@seznam.cz>
Date: Sat Jul 11 17:44:10 2015 +0200
Handle overflow in __hcreate_r
Hi,
As in the bugzilla entry, there is an overflow in hsearch when looking for a
prime number, as SIZE_MAX - 1 is divisible by 5. We fix that by rejecting
large inputs before looking for a prime.
* misc/hsearch_r.c (__hcreate_r): Handle overflow.
(cherry picked from commit 2f5c1750558fe64bac361f52d6827ab1bcfe52bc)
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 17 ++++++++++++
NEWS | 4 +-
misc/Makefile | 2 +-
misc/bug18240.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
misc/hsearch_r.c | 30 +++++++++++++--------
5 files changed, 113 insertions(+), 15 deletions(-)
create mode 100644 misc/bug18240.c
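The wraparound described in the second commit message, and a bounded alternative, as an added example that is not part of this mail and is not glibc's code. It is a simplified model of the table sizing step; the names is_prime, table_size_unchecked, table_size_checked and entry_size are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Trial division for odd n, written so that no d * d product can overflow. */
static int is_prime(size_t n)
{
    for (size_t d = 3; d <= n / d; d += 2)
        if (n % d == 0)
            return 0;
    return 1;
}

/* Unchecked sizing: round nel up to the next odd prime with no upper bound. */
size_t table_size_unchecked(size_t nel)
{
    if (nel < 3)
        nel = 3;
    nel |= 1;                   /* make odd */
    while (!is_prime(nel))
        nel += 2;               /* SIZE_MAX is composite, so this wraps to 1 */
    return nel;
}

/* Checked sizing: reject large requests before the prime search.
   Returns 1 and stores the size in *out, or 0 with errno set to ENOMEM. */
int table_size_checked(size_t nel, size_t entry_size, size_t *out)
{
    if (entry_size == 0 || nel >= SIZE_MAX / entry_size)
        goto fail;
    if (nel < 3)
        nel = 3;
    for (nel |= 1; !is_prime(nel); nel += 2)
        if (nel > SIZE_MAX - 2) /* bound the search so nel += 2 cannot wrap */
            goto fail;
    /* size + 1 entries get allocated, so that byte count must fit too. */
    if (nel >= SIZE_MAX / entry_size)
        goto fail;
    *out = nel;
    return 1;
fail:
    errno = ENOMEM;
    return 0;
}
```

With the unchecked routine a request for SIZE_MAX elements yields a table size of 1, so the caller gets a tiny table instead of an allocation failure; the checked routine reports ENOMEM for the same input.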