Hi all,

It was discovered that our fix for CVE-2012-6125 was incorrect
for the internal Scheme symbol table.

The code that sets up the initial symbol table is run _before_
initializing the PRNG, which means the randomization factor uses
the initial libc seed state.  On most libc implementations this
means the symbol table randomization factor is a constant value
which does not differ between runs.

This allows an attacker who is able to create arbitrary symbols
to degrade the hash table's average-case lookup cost to its worst
case, a linear search, by choosing symbols that all hash to the
same bucket.

This has been fixed in both the master and chicken-5 branches.
A patch is available here:
http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt
There's no good workaround.  One option would be to use LD_PRELOAD
with a small library that calls srand() on startup.
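The LD_PRELOAD workaround sketched above, as an added example that is not the CHICKEN team's code: a small shared library whose constructor seeds libc's rand() from /dev/urandom before the host program's main() runs, so code that draws a hash-randomization factor from rand() without having called srand() no longer sees the same value on every start. It assumes Linux with a glibc-style rand()/srand() and GCC/Clang constructor attributes; the build and invocation lines in the comment are assumptions, not project documentation.

```c
/* Added example (not the CHICKEN project's code): LD_PRELOAD shim that
 * seeds libc's rand() before main(), so a randomization factor taken from
 * rand() prior to any srand() call differs between runs.
 * Build (assumed): cc -shared -fPIC -o libseed.so seed.c
 * Use   (assumed): LD_PRELOAD=./libseed.so <chicken program>
 */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

/* Fill *out with 32 bits from /dev/urandom. Returns 0 on success, -1 on error. */
int read_urandom_seed(unsigned int *out) {
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    unsigned char buf[sizeof *out];
    size_t got = 0;
    while (got < sizeof buf) {            /* read() may return short reads */
        ssize_t n = read(fd, buf + got, sizeof buf - got);
        if (n <= 0) { close(fd); return -1; }
        got += (size_t)n;
    }
    close(fd);
    unsigned int v = 0;
    for (size_t i = 0; i < sizeof buf; i++) v = (v << 8) | buf[i];
    *out = v;
    return 0;
}

/* Fallback if /dev/urandom is unavailable: still varies between runs,
 * but is guessable from the start time and pid, so callers are told. */
static unsigned int fallback_seed(void) {
    return (unsigned int)time(NULL) ^ ((unsigned int)getpid() << 16);
}

/* Seed rand(). Returns 1 if the seed came from /dev/urandom, 0 if the
 * weaker fallback had to be used. */
int seed_libc_prng(void) {
    unsigned int seed;
    if (read_urandom_seed(&seed) == 0) {
        srand(seed);
        return 1;
    }
    srand(fallback_seed());
    return 0;
}

/* Runs when the library is loaded, i.e. before the host program's main()
 * and therefore before its symbol table is set up. */
__attribute__((constructor))
static void seed_on_load(void) {
    seed_libc_prng();
}
```

This only helps if the randomization factor is in fact drawn from libc's rand(), as the advisory describes; a build that uses a different generator is unaffected by the shim, and rand() remains a non-cryptographic generator even when seeded well, so the patch is the real fix.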

This issue affects all released versions of CHICKEN.

Regards,
The CHICKEN Team

Chicken-users mailing list
Chicken-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/chicken-users
