Hi all,

We just fixed a potential security issue in the standard Scheme length procedure. When length is called on an improper list, the underlying C function C_i_list incorrectly checks the head of the _input_ list for being a pair rather than the head of the part currently being traversed.

This causes the code to (unsafely) take the cdr of a non-pair, which causes a segmentation fault. This means that a program that (read)s user input and calls length on it is susceptible to a denial of service, as an attacker can induce a crash at will.

This issue has been fixed in master by commit 075e58335f and in the chicken-5 branch by commit a8b114660. The patch can be found here:
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html

A simple workaround would be to first call list? on the object before handing it over to length.

Many thanks to megane for finding and reporting this bug.

Regards,
The CHICKEN Team
_______________________________________________
Chicken-users mailing list
Chicken-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/chicken-users
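The check described in the advisory, as an added example in a simplified C model; it is not CHICKEN's runtime code or the referenced patch. The object layout, the names (`length_flawed`, `length_fixed`, `cdr_unchecked`) and the `-1` error return are assumptions made for illustration, and the model records an unsafe cdr instead of crashing.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified tagged values (hypothetical, not CHICKEN's object layout). */
enum tag { T_NIL, T_PAIR, T_FIXNUM };
struct obj { enum tag tag; const struct obj *car, *cdr; };

static const struct obj NIL = { T_NIL, NULL, NULL };
static bool unsafe_access;  /* set when cdr is taken of a non-pair */

/* Unchecked accessor. A real runtime would read invalid memory here;
   the model records the event and ends the walk instead. */
static const struct obj *cdr_unchecked(const struct obj *o) {
    if (o->tag != T_PAIR) { unsafe_access = true; return &NIL; }
    return o->cdr;
}

/* Flawed pattern: every step re-tests the head of the input list `lst`. */
long length_flawed(const struct obj *lst) {
    long n = 0;
    unsafe_access = false;
    for (const struct obj *cur = lst; cur->tag != T_NIL; cur = cdr_unchecked(cur)) {
        if (lst->tag != T_PAIR) return -1;  /* wrong object tested */
        n++;
    }
    return n;
}

/* Corrected pattern: the cell currently being traversed is tested. */
long length_fixed(const struct obj *lst) {
    long n = 0;
    unsafe_access = false;
    for (const struct obj *cur = lst; cur->tag != T_NIL; cur = cdr_unchecked(cur)) {
        if (cur->tag != T_PAIR) return -1;  /* model's "not a proper list" error */
        n++;
    }
    return n;
}

/* Constructed samples: (1 2) and the improper list (1 2 . 3). */
static const struct obj ONE = { T_FIXNUM, NULL, NULL }, TWO = { T_FIXNUM, NULL, NULL },
                        THREE = { T_FIXNUM, NULL, NULL };
static const struct obj P2 = { T_PAIR, &TWO, &NIL }, PROPER = { T_PAIR, &ONE, &P2 };
static const struct obj I2 = { T_PAIR, &TWO, &THREE }, IMPROPER = { T_PAIR, &ONE, &I2 };

int main(void) {
    long n = length_flawed(&IMPROPER);
    printf("flawed: n=%ld unsafe_cdr=%d\n", n, unsafe_access);
    printf("fixed:  n=%ld\n", length_fixed(&IMPROPER));
    return 0;
}
```

In the model the flawed check rejects only an input whose head is itself a non-pair, so the improper tail is reached and its cdr is taken.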