Hello Chicken users, Recently a vulnerability was found in some of Chicken's string processing code. As you know, NUL bytes are representable by Scheme strings, but not by C strings (where they are treated as terminators). This mismatch is properly handled by the FFI by throwing an exception when it finds embedded NUL bytes.
Most of Chicken's internal code either uses the FFI or the underlying procedure that performs this check. However, in a few places this didn't happen. Notably the standard R5RS file procedures do not check for embedded NUL bytes. The list of affected procedures is as follows: - From unit "posix": * process * process-execute * process-run * get-environment-variable (via C_get_environment_variable) - From unit "library": * system (via C_execute_shell_command) * ##sys#message (via C_message) * string->number (via C_a_i_string_to_number) * ##sys#open-file-port (via C_open_file_port) and its clients: - open-input-file - open-output-file - call-with-input-file and its clients: - include - load - read-file (from "extras") - read-all (from "utils") - with-input-from-file - call-with-output-file and its clients: - create-temporary-file (from "files") - with-output-to-file If you are using any of these procedures or the underlying C procedures, you might be vulnerable to a "poisoned NUL byte attack". The fix is to either check manually in your program for embedded NUL bytes or apply git revision d9f2ad87b42f. This patch is also available in 4.8.0rc3 (but not rc2!) and will make it into the final 4.8.0 release. Finally, ##sys#halt is affected too, but only under Windows in GUI mode. This is currently unpatched. ##sys#halt will halt the process, displaying a message, so abuse of this procedure is extremely unlikely (it can result in truncated error messages). After the release, we will try to come up with a more complete approach to fixing these problems. Kind regards, The Chicken Team References ---------- http://www.phrack.org/issues.html?issue=55&id=7#article http://www.ouah.org/nullbyte.html _______________________________________________ Chicken-users mailing list Chicken-users@nongnu.org https://lists.nongnu.org/mailman/listinfo/chicken-users