[krbdev.mit.edu #9215] [PATCH] Fix DB2 hash bitmap page count validation
Богдан Богуславский via RT
rt-comment at krbdev.mit.edu
Thu May 21 17:45:05 EDT 2026
Thu May 21 17:45:05 2026: Request 9215 was acted upon.
Transaction: Ticket created by boguslavskijbj at basealt.ru
Queue: krb5
Subject: [PATCH] Fix DB2 hash bitmap page count validation
Owner: Nobody
Requestors: boguslavskijbj at basealt.ru
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9215 >
Hello,
I found a possible out-of-bounds write in the DB2 hash backend.
In __kdb2_hash_open(), bpages is computed from the hash file header and
then used as the size argument when clearing hashp->mapp. The mapp array
has only NCACHED entries, so a malformed hash database can cause
memset() to write past the end of the array.
The attached patch rejects negative bitmap page counts and values
greater than NCACHED.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Regards,
Bogdan Boguslavskij
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-db2-hash-bitmap-page-count-validation.patch
Type: text/x-patch
Size: 1359 bytes
Desc: not available
URL: <http://mailman.mit.edu/pipermail/krb5-bugs/attachments/20260521/0d68b4b0/attachment.bin>
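
The bounds check described in the message above, as an added example; it is not the attached patch and not krb5 source. `struct hash_model`, `set_bitmap_count()`, `check_case()`, the guard field and the value 32 for NCACHED are assumptions made for this simplified model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NCACHED 32                 /* assumed array size for this model */
#define GUARD   0xC0FFEEu          /* constructed canary value */

struct hash_model {                /* hypothetical stand-in for the hash handle */
    uint32_t *mapp[NCACHED];       /* cached bitmap page pointers */
    int       nmaps;
    uint32_t  guard;               /* sits after mapp to expose an overrun */
};

/* Accept a header-derived page count only if it fits mapp, then clear. */
static int set_bitmap_count(struct hash_model *h, long bpages)
{
    if (bpages < 0 || bpages > NCACHED)
        return EINVAL;             /* malformed file: refuse before memset */
    h->nmaps = (int)bpages;
    memset(&h->mapp[0], 0, (size_t)bpages * sizeof(h->mapp[0]));
    return 0;
}

/* Returns 0 if accepted and cleared correctly, EINVAL if rejected with
 * the handle untouched, -1 if any invariant was violated. */
static int check_case(long bpages)
{
    struct hash_model h;
    memset(&h, 0xAA, sizeof(h));   /* poison so cleared slots are visible */
    h.nmaps = -1;
    h.guard = GUARD;
    int rc = set_bitmap_count(&h, bpages);
    if (h.guard != GUARD)
        return -1;
    if (rc != 0)
        return (h.nmaps == -1 && h.mapp[0] != NULL) ? rc : -1;
    for (long i = 0; i < NCACHED; i++)
        if ((h.mapp[i] == NULL) != (i < bpages))
            return -1;
    return 0;
}

int main(void)
{
    long cases[] = { 0, 1, NCACHED, NCACHED + 1, -1, 1L << 20 };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("bpages=%ld -> %d\n", cases[i], check_case(cases[i]));
    return 0;
}
```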