[openssl/openssl] 01753c: Set down_load factor on hash table when culling it...

Neil Horman noreply at github.com
Tue Jul 16 11:33:58 UTC 2024


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 01753c09bbfdffcefd555b4c21e50e68af346129
      https://github.com/openssl/openssl/commit/01753c09bbfdffcefd555b4c21e50e68af346129
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-07-16 (Tue, 16 Jul 2024)

  Changed paths:
    M crypto/property/property.c

  Log Message:
  -----------
  Set down_load factor on hash table when culling items in doall

oss-fuzz noted this issue:
https://oss-fuzz.com/testcase-detail/5363002606419968

Which reports a heap buffer overflow during ossl_method_cache_flush_some

Its occuring because we delete items from the hash table while inside
its doall iterator

The iterator in lhash.c does a reverse traversal of all buckets in the
hash table, and at some point a removal during an iteration leads to the
hash table shrinking, by calling contract.  When that happens, the
bucket index becomes no longer valid, and if the index we are on is
large, it exceeds the length of the list, leading to an out of band
reference, and the heap buffer overflow report.

Fix it by preventing contractions from happening during the iteration,
but setting the down_load factor to 0, and restoring it to its initial
value after the iteration is done

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24867)



To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications


More information about the openssl-commits mailing list