Fix CVE-2017-11343: https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343 Patch copied from upstream mailing list: http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001 From: Peter Bex Date: Fri, 30 Jun 2017 15:39:45 +0200 Subject: [PATCH 2/2] Initialize symbol table after setting up randomization Otherwise, the symbol table wouldn't be correctly randomized. --- NEWS | 3 +++ runtime.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) #diff --git a/NEWS b/NEWS #index f4b0e041..6588b30e 100644 #--- a/NEWS #+++ b/NEWS #@@ -96,6 +96,9 @@ # buffer overrun and/or segfault (thanks to Lemonboy). # - CVE-2017-9334: `length' no longer crashes on improper lists (fixes # #1375, thanks to "megane"). #+ - The randomization factor of the symbol table was set before #+ the random seed was set, causing it to have a fixed value on many #+ platforms. # # - Core Libraries # - Unit "posix": If file-lock, file-lock/blocking or file-unlock are diff --git a/runtime.c b/runtime.c index 81c54dd2..a4580abc 100644 --- a/runtime.c +++ b/runtime.c @@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel) C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD; C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD; memset(signal_mapping_table, 0, sizeof(int) * NSIG); - initialize_symbol_table(); C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable"; error_location = C_SCHEME_FALSE; C_pre_gc_hook = NULL; @@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel) callback_continuation_level = 0; gc_ms = 0; (void)C_randomize(C_fix(time(NULL))); + initialize_symbol_table(); if (profiling) { #ifndef C_NONUNIX -- 2.11.0