[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 Jan 2017 12:14:05 +0100
From: Hanno Böck <hanno@...eck.de>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: invalid free in GNU ed before 1.14.1
Hi,
ed 1.14.1 fixes an invalid free, reported here:
https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
Reproducer:
echo -e "H\n?\{" | ed
Found with afl. ed 1.14.1 didn't show any more issues with afl/asan
fuzzing.
Not sure if there's any scenario where ed is used with untrusted input.
ed isn't developed in a version control system, therefore I can't link
to a commit, but the patch to fix it is this:
--- a/regex.c 2017-01-06 02:06:04.000000000 +0100
+++ b/regex.c 2017-01-09 17:09:51.000000000 +0100
@@ -135,7 +135,6 @@ static regex_t * get_compiled_regex( con
char buf[80];
regerror( n, exp, buf, sizeof buf );
set_error_msg( buf );
- free( exp );
exp = 0;
}
return exp;
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
