Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
curl.19331
curl-CVE-2016-8619.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2016-8619.patch of Package curl.19331
From 6c1811521c5f6453e0a1a492522c2e421da356bf Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Wed, 28 Sep 2016 12:56:02 +0200 Subject: [PATCH] krb5: avoid realloc(0) If the requested size is zero, bail out with error instead of doing a realloc() that would cause a double-free: realloc(0) acts as a free() and then there's a second free in the cleanup path. --- lib/security.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) Index: curl-7.37.0/lib/security.c =================================================================== --- curl-7.37.0.orig/lib/security.c 2016-10-20 15:17:01.738332131 +0200 +++ curl-7.37.0/lib/security.c 2016-10-20 15:17:20.374310503 +0200 @@ -199,15 +199,18 @@ static CURLcode read_data(struct connect struct krb5buffer *buf) { int len; - void* tmp; + void *tmp = NULL; CURLcode ret; ret = socket_read(fd, &len, sizeof(len)); if(ret != CURLE_OK) return ret; + if(len) { + /* only realloc if there was a length */ len = ntohl(len); tmp = realloc(buf->data, len); + } if(tmp == NULL) return CURLE_OUT_OF_MEMORY;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor