Date: Mon, 29 Dec 2014 21:46:42 +0100
From: Florian Weimer <>
Subject: Re: CVE Request(s): libgcrypt

* Joshua Rogers:

> Double free of 'hd':

The patch seems incorrect because the copy of the pointer in the
caller is not updated when the first free happens.

The error can only happen on a path with an allocation failure, right?

> off-by-one out-of-bounds read:

This doesn't look like a security issue because the callers all use
in-range values.
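
The caller-copy problem raised in the first point, as an added example that is not part of the original message and not libgcrypt code. It assumes a fix that clears the pointer only inside the callee on the failure path; the handle type, the static pool (used so the second release can be counted instead of corrupting the heap) and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical handle type backed by a static pool, so a stale pointer
 * can be inspected safely and a second release is counted, not executed. */
struct handle { int live; };
static struct handle pool[2];
static int double_releases;

static struct handle *handle_new(void) {
    for (size_t i = 0; i < 2; i++)
        if (!pool[i].live) { pool[i].live = 1; return &pool[i]; }
    return NULL;
}

static void handle_release(struct handle *h) {
    if (h == NULL) return;                        /* NULL is a no-op, as with free() */
    if (!h->live) { double_releases++; return; }  /* would be a double free */
    h->live = 0;
}

/* Failure path releases the handle and clears only the callee's copy. */
static int setup_by_value(struct handle *h, int fail) {
    if (fail) { handle_release(h); h = NULL; return -1; }
    return 0;
}

/* Failure path releases the handle and clears the caller's pointer too. */
static int setup_by_ref(struct handle **hp, int fail) {
    if (fail) { handle_release(*hp); *hp = NULL; return -1; }
    return 0;
}

int caller_by_value(void) {
    double_releases = 0;
    struct handle *hd = handle_new();
    if (setup_by_value(hd, 1) != 0)
        handle_release(hd);       /* hd is still non-NULL here: second release */
    return double_releases;
}

int caller_by_ref(void) {
    double_releases = 0;
    struct handle *hd = handle_new();
    if (setup_by_ref(&hd, 1) != 0)
        handle_release(hd);       /* hd is NULL now: cleanup is a no-op */
    return double_releases;
}

int main(void) {
    printf("by value: %d, by reference: %d\n", caller_by_value(), caller_by_ref());
    return 0;
}
```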
