A buffer overflow error was found in the POSIX unit's procedures process-execute and process-spawn. The code allocated a buffer of size ARG_MAX for the argument array, and ENV_MAX for the environment array, then copied the strings from the input lists into that buffer *without* checking the length of the lists. On modern Linuxen, ARG_MAX and ENV_MAX are both undefined, which exacerbated the problem: CHICKEN would fall back to 256 for ARG_MAX and 1024 for ENV_MAX when these were undefined.

Additionally, a memory leak existed in this code, which would be triggered when an error is raised during argument and environment processing (e.g., if one of the arguments wasn't a string).

References:
http://seclists.org/oss-sec/2016/q3/276
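One way to avoid both defects described above, as an added example (not CHICKEN's code or its actual patch): size the argv/envp vector from the list's real length instead of a fixed ARG_MAX/ENV_MAX buffer, and release everything already copied when an element is rejected. The names struct node, build_vec, free_vec and demo are hypothetical, and a NULL str stands in for a non-string list element.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a Scheme argument list; str == NULL models a
 * non-string element. These are not CHICKEN's actual data structures. */
struct node { const char *str; struct node *next; };

static void free_vec(char **vec, size_t n) {
    for (size_t i = 0; i < n; i++) free(vec[i]);
    free(vec);
}

/* Build a NULL-terminated argv/envp sized from the list itself rather than
 * from a fixed-size buffer. On any error, everything copied so far is
 * released, so the error path does not leak. */
char **build_vec(const struct node *list, size_t *out_len) {
    size_t n = 0, i = 0;
    for (const struct node *p = list; p; p = p->next) n++;
    char **vec = calloc(n + 1, sizeof *vec);   /* +1 for the terminator */
    if (!vec) return NULL;
    for (const struct node *p = list; p; p = p->next, i++) {
        size_t len;
        if (!p->str) { free_vec(vec, i); return NULL; }  /* bad element */
        len = strlen(p->str) + 1;
        if (!(vec[i] = malloc(len))) { free_vec(vec, i); return NULL; }
        memcpy(vec[i], p->str, len);
    }
    *out_len = n;
    return vec;
}

/* Constructed input: an n-element list whose element `bad` (if < n) is a
 * non-string. Returns the vector length, or -1 if the list was rejected. */
long demo(size_t n, size_t bad) {
    struct node *nodes = calloc(n ? n : 1, sizeof *nodes);
    size_t len = 0;
    long result = -1;
    if (!nodes) return -1;
    for (size_t i = 0; i < n; i++) {
        nodes[i].str = (i == bad) ? NULL : "arg";
        nodes[i].next = (i + 1 < n) ? &nodes[i + 1] : NULL;
    }
    char **vec = build_vec(n ? nodes : NULL, &len);
    if (vec && vec[len] == NULL) result = (long)len;
    if (vec) free_vec(vec, len);
    free(nodes);
    return result;
}
int main(void) { return demo(300, (size_t)-1) == 300 && demo(300, 10) == -1 ? 0 : 1; }
```

Running this under AddressSanitizer or valgrind with lists longer than the 256 and 1024 fallbacks confirms that neither the long-list case nor the rejected-element case writes out of bounds or leaks.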
Created chicken tracking bugs for this issue:

Affects: fedora-all [bug 1369109]
Affects: epel-all [bug 1369110]
Fix is in testing.