Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 29 Dec 2014 21:46:42 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request(s): libgcrypt

* Joshua Rogers:

> Double free of 'hd':
> http://lists.gnupg.org/pipermail/gcrypt-devel/2014-December/003300.html

The patch seems incorrect because the copy of the pointer in the
caller is not updated when first free happens.

The error can only happen on a path with an allocation failure, right?

> off-by-one out-of-bounds read:
> http://lists.gnupg.org/pipermail/gcrypt-devel/2014-December/003299.html

This doesn't look like a security issue because the callers all use
in-range values.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.