Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1447556 - glibc: malloc: check for chunk_size == next->prev->chunk_size in unlink
glibc: malloc: check for chunk_size == next->prev->chunk_size in unlink
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: glibc (Show other bugs)
7.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: DJ Delorie
Sergey Kolosov
:
Depends On:
Blocks: 1473718
  Show dependency treegraph
 
Reported: 2017-05-03 04:02 EDT by Florian Weimer
Modified: 2018-04-10 10:00 EDT (History)
7 users (show)

See Also:
Fixed In Version: glibc-2.17-197.el7
Doc Type: Enhancement
Doc Text:
This patch adds an additional check for applications which change memory outside of the range allocated by malloc(), thus further hardening the malloc internals against both accidental and malicious overflows.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-04-10 09:58:28 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0805 None None None 2018-04-10 10:00 EDT

  None (edit)
Description Florian Weimer 2017-05-03 04:02:45 EDT 
We should backport this additional upstream hardening:

commit 17f487b7afa7cd6c316040f3e6c86dc96b2eec30
Author: DJ Delorie <dj@delorie.com>
Date:   Fri Mar 17 15:31:38 2017 -0400

    Further harden glibc malloc metadata against 1-byte overflows.
    
    Additional check for chunk_size == next->prev->chunk_size in unlink()
    
    2017-03-17  Chris Evans  <scarybeasts@gmail.com>
    
            * malloc/malloc.c (unlink): Add consistency check between size and
            next->prev->size, to further harden against 1-byte overflows.

This is on top of the hardening in bug 1326739.
Comment 5 errata-xmlrpc 2018-04-10 09:58:28 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0805
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.