public inbox for glibc-bugs@sourceware.org
From: "siddhesh at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug libc/14547] strcoll integer / buffer overflow
Date: Mon, 23 Sep 2013 06:00:00 -0000
Message-ID: <bug-14547-131-WiTiGXbzdb@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-14547-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=14547

Siddhesh Poyarekar <siddhesh at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |siddhesh at redhat dot com
         Resolution|---                         |FIXED

--- Comment #7 from Siddhesh Poyarekar <siddhesh at redhat dot com> ---
Fixed in master:

commit 303e567a8062200dc06acde7c76fc34679f08d8f
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:24:30 2013 +0530

    Check for integer overflow in cache size computation in strcoll

    strcoll is implemented using a cache for indices and weights of
    collation sequences in the strings so that subsequent passes do not
    have to search through collation data again.  For very large string
    inputs, the cache size computation could overflow.  In such a case,
    use the fallback function that does not cache indices and weights of
    collation sequences.

    Fixes CVE-2012-4412.

commit 141f3a77fe4f1b59b0afa9bf6909cd2000448883
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Mon Sep 23 11:20:02 2013 +0530

    Fall back to non-cached sequence traversal and comparison on malloc fail

    strcoll currently falls back to alloca if malloc fails, resulting in a
    possible stack overflow.  This patch implements sequence traversal and
    comparison without caching indices and rules.

    Fixes CVE-2012-4424.
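
The pattern the two commit messages above describe, sketched as an added C example (not glibc's code and not part of the original message): check the cache size computation for overflow, and fall back to an uncached comparison when the size is unrepresentable or malloc fails, never to alloca. The toy `weight` function, the `PER_CHAR` cost and all function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed per-character cache cost: one int32_t weight plus one rule byte. */
#define PER_CHAR (sizeof(int32_t) + 1)

/* Toy collation weight (assumption): case-insensitive byte order. */
static int32_t weight(unsigned char c) { return tolower(c); }

/* Compute (n1 + n2) * PER_CHAR; return false instead of wrapping. */
bool cache_size(size_t n1, size_t n2, size_t *out)
{
    if (n1 > SIZE_MAX - n2 || n1 + n2 > SIZE_MAX / PER_CHAR) return false;
    *out = (n1 + n2) * PER_CHAR;
    return true;
}

/* Fallback: recompute weights at each step, no allocation of any kind. */
int compare_uncached(const char *a, size_t n1, const char *b, size_t n2)
{
    size_t n = n1 < n2 ? n1 : n2;
    for (size_t i = 0; i < n; i++) {
        int32_t wa = weight(a[i]), wb = weight(b[i]);
        if (wa != wb) return wa < wb ? -1 : 1;
    }
    return (n1 > n2) - (n1 < n2);
}

/* Use the cache only if its size is representable and malloc succeeds.
   No alloca fallback, so input length never drives stack usage. */
int compare(const char *a, size_t n1, const char *b, size_t n2, bool *cached)
{
    size_t bytes, n = n1 < n2 ? n1 : n2;
    int32_t *w = NULL;
    if (cache_size(n1, n2, &bytes) && bytes > 0)
        w = malloc(bytes);
    *cached = (w != NULL);
    if (w == NULL)
        return compare_uncached(a, n1, b, n2);
    for (size_t i = 0; i < n1; i++) w[i] = weight(a[i]);
    for (size_t i = 0; i < n2; i++) w[n1 + i] = weight(b[i]);
    int r = (n1 > n2) - (n1 < n2);
    for (size_t i = 0; i < n; i++)
        if (w[i] != w[n1 + i]) { r = w[i] < w[n1 + i] ? -1 : 1; break; }
    free(w);
    return r;
}
```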
