Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

1.10 Fixes a bad memory read and unfreed memory in fsinfo code (#893) #1013

Merged
merged 2 commits into from
Sep 15, 2021
Merged

1.10 Fixes a bad memory read and unfreed memory in fsinfo code (#893) #1013

merged 2 commits into from
Sep 15, 2021

Conversation

lrknox
Copy link
Collaborator

@lrknox lrknox commented Sep 15, 2021

  • Fixes a bad memory read and unfreed memory in fsinfo code

The segfault from CVE-2020-10810 was fixed some time ago, but the
illegal memory read and unfreed memory were not.

This fix tracks some buffer sizes and errors out gracefully on errors,
ensuring buffers are cleaned up and avoiding the H5FL infinite loop +
abort on library close.

  • Committing clang-format changes

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>

derobins and others added 2 commits September 15, 2021 09:56
@derobins @github-actions @lrknox
Fixes a bad memory read and unfreed memory in fsinfo code (#893)
55c08b6 
* Fixes a bad memory read and unfreed memory in fsinfo code

The segfault from CVE-2020-10810 was fixed some time ago, but the
illegal memory read and unfreed memory were not.

This fix tracks some buffer sizes and errors out gracefully on errors,
ensuring buffers are cleaned up and avoiding the H5FL infinite loop +
abort on library close.

* Committing clang-format changes

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
@github-actions
Committing clang-format changes
9e8ff9f
@lrknox lrknox merged commit 4bf757e into HDFGroup:hdf5_1_10 Sep 15, 2021
@lrknox lrknox deleted the 1_10_cve_2020_10810 branch September 16, 2021 15:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@byrnHDF byrnHDF byrnHDF approved these changes

@bmribler bmribler Awaiting requested review from bmribler bmribler is a code owner

@derobins derobins Awaiting requested review from derobins derobins is a code owner

@fortnern fortnern Awaiting requested review from fortnern fortnern is a code owner

@jhendersonHDF jhendersonHDF Awaiting requested review from jhendersonHDF jhendersonHDF is a code owner

@jrmainzer jrmainzer Awaiting requested review from jrmainzer

@soumagne soumagne Awaiting requested review from soumagne

@vchoi-hdfgroup vchoi-hdfgroup Awaiting requested review from vchoi-hdfgroup vchoi-hdfgroup is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lrknox @byrnHDF @derobins