[openssl/openssl] ceaba9: Set down_load factor on hash table when culling it...
Neil Horman
noreply at github.com
Tue Jul 16 11:34:57 UTC 2024
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: ceaba9f807fe2fb2cad2789eb2b7a5bff24e1051
https://github.com/openssl/openssl/commit/ceaba9f807fe2fb2cad2789eb2b7a5bff24e1051
Author: Neil Horman <nhorman at openssl.org>
Date: 2024-07-16 (Tue, 16 Jul 2024)
Changed paths:
M crypto/property/property.c
Log Message:
-----------
Set down_load factor on hash table when culling items in doall
oss-fuzz noted this issue:
https://oss-fuzz.com/testcase-detail/5363002606419968
Which reports a heap buffer overflow during ossl_method_cache_flush_some
Its occuring because we delete items from the hash table while inside
its doall iterator
The iterator in lhash.c does a reverse traversal of all buckets in the
hash table, and at some point a removal during an iteration leads to the
hash table shrinking, by calling contract. When that happens, the
bucket index becomes no longer valid, and if the index we are on is
large, it exceeds the length of the list, leading to an out of band
reference, and the heap buffer overflow report.
Fix it by preventing contractions from happening during the iteration,
but setting the down_load factor to 0, and restoring it to its initial
value after the iteration is done
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24867)
(cherry picked from commit 01753c09bbfdffcefd555b4c21e50e68af346129)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
More information about the openssl-commits
mailing list