This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/18240] hcreate, hcreate_r should fail with ENOMEM if element count is too large (CVE-2015-8778)
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sat, 30 Jan 2016 10:48:45 +0000
- Subject: [Bug libc/18240] hcreate, hcreate_r should fail with ENOMEM if element count is too large (CVE-2015-8778)
- Auto-submitted: auto-generated
- References: <bug-18240-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=18240
--- Comment #13 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, release/2.19/master has been updated
via 3c9e8d9477aba0f514171bb4706670052544479b (commit)
via b5cba5cff937e5336ff23380785da80cab09146c (commit)
from fd6e33ebd157966fed025a8cf68f2f0835dcbf02 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3c9e8d9477aba0f514171bb4706670052544479b
commit 3c9e8d9477aba0f514171bb4706670052544479b
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Jan 28 13:59:11 2016 +0100
Improve check against integer wraparound in hcreate_r [BZ #18240]
(cherry picked from commit bae7c7c764413b23e61cb099ce33be4c4ee259bb)
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b5cba5cff937e5336ff23380785da80cab09146c
commit b5cba5cff937e5336ff23380785da80cab09146c
Author: OndÅej BÃlka <neleai@seznam.cz>
Date: Sat Jul 11 17:44:10 2015 +0200
Handle overflow in __hcreate_r
Hi,
As in bugzilla entry there is overflow in hsearch when looking for prime
number as SIZE_MAX - 1 is divisible by 5. We fix that by rejecting large
inputs before looking for prime.
* misc/hsearch_r.c (__hcreate_r): Handle overflow.
(cherry picked from commit 2f5c1750558fe64bac361f52d6827ab1bcfe52bc)
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 17 ++++++++++++
NEWS | 2 +-
misc/Makefile | 3 +-
misc/bug18240.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
misc/hsearch_r.c | 30 +++++++++++++--------
5 files changed, 113 insertions(+), 14 deletions(-)
create mode 100644 misc/bug18240.c
--
You are receiving this mail because:
You are on the CC list for the bug.