Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 Jan 2017 12:14:05 +0100
From: Hanno Böck <hanno@...eck.de>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: invalid free in GNU ed before 1.14.1

Hi,

ed 1.14.1 fixes an invalid free, reported here:
https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html

Reproducer:
echo -e "H\n?\{" | ed

Found with afl. ed 1.14.1 didn't show any more issues with afl/asan
fuzzing.

Not sure if there's any scenario where ed is used with untrusted input.

ed isn't developed in a version control system, therefore I can't link
to a commit, but the patch to fix it is this:

--- a/regex.c	2017-01-06 02:06:04.000000000 +0100
+++ b/regex.c	2017-01-09 17:09:51.000000000 +0100
@@ -135,7 +135,6 @@ static regex_t * get_compiled_regex( con
     char buf[80];
     regerror( n, exp, buf, sizeof buf );
     set_error_msg( buf );
-    free( exp );
     exp = 0;
     }
   return exp;




-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ