[Debian-med-packaging] Bug#792825: disulfinder: Possible use after free
Andreas Tille
andreas at fam-tille.de
Sat Jul 18 22:08:23 UTC 2015
Hi Axel,
thanks for your bug report. Would you be able to provide a patch?
Kind regards
Andreas.
On Sat, Jul 18, 2015 at 11:37:32PM +0200, Axel Wagner wrote:
> I found a possible use after free in the usage of wordexp:
> http://sources.debian.net/src/disulfinder/1.2.11-4/disulfind/src/disulfinder.h/?hl=154#L154
>
> wordfree(&p) should actually free p.we_wordv[0], so using rootdir after this
> should be a UAF.
--
http://fam-tille.de
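The lifetime issue raised in the report, as an added example that is not part of the original thread and not disulfinder's code: one way to keep the expanded path valid is to copy `we_wordv[0]` before calling `wordfree`. The helper name `expand_first_word`, the sample path and the use of `WRDE_NOCMD` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wordexp.h>

/* Pattern described in the report (do not use):
 *     rootdir = p.we_wordv[0];
 *     wordfree(&p);      // releases the storage rootdir points into
 *     ... rootdir ...    // dangling pointer
 */

/* Hypothetical helper: expand `pattern` and return a private heap copy of
 * the first resulting word, or NULL on failure. The caller frees it. */
char *expand_first_word(const char *pattern)
{
    wordexp_t p;
    char *copy = NULL;

    /* WRDE_NOCMD (added hardening choice): refuse command substitution. */
    int rc = wordexp(pattern, &p, WRDE_NOCMD);
    if (rc != 0) {
        if (rc == WRDE_NOSPACE)
            wordfree(&p);   /* partial results may have been allocated */
        return NULL;
    }
    if (p.we_wordc > 0) {
        size_t len = strlen(p.we_wordv[0]) + 1;
        copy = malloc(len);
        if (copy != NULL)
            memcpy(copy, p.we_wordv[0], len);   /* copy BEFORE wordfree */
    }
    wordfree(&p);   /* safe: the returned string no longer points into p */
    return copy;
}

int main(void)
{
    /* Constructed sample input, not a path from the package. */
    char *rootdir = expand_first_word("/tmp/example-root");
    if (rootdir == NULL)
        return 1;
    printf("%s\n", rootdir);
    free(rootdir);
    return 0;
}
```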