File pan-fix-use-after-free-in-main.patch of Package pan

Overview Repositories Revisions Requests Users Attributes Meta

File pan-fix-use-after-free-in-main.patch of Package pan

From 27190a525b6e5684af35566170c50f5beaa10c53 Mon Sep 17 00:00:00 2001
From: "paul@flinders.org" <paul@flinders.org>
Date: Thu, 8 Feb 2018 21:23:32 +0100
Subject: Bug 793277 Use after free in main()

The problem is the scope of the return value from data.get_servers()
which is a std::set of Quarks

The temporary used for this value goes out of scope at the end of
the statement containing it - within the for loop control
statement - it is not in scope in the loop body.

The result is that later dereferencing the iterator on line 1158
accesses memory which has been returned to the heap.
---
 pan/gui/pan.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pan/gui/pan.cc b/pan/gui/pan.cc
index b552a2c..f732398 100644
--- a/pan/gui/pan.cc
+++ b/pan/gui/pan.cc
@@ -1152,7 +1152,8 @@ main (int argc, char *argv[])
   if (!data.get_servers().empty())
   {
     // free secure passwords
-    foreach(quarks_t, data.get_servers(), it)
+    quarks_t srv_list = data.get_servers();
+    foreach(quarks_t, srv_list, it)
     {
       Data::Server* s(data.find_server(*it));
       if (s && s->gkr_pw)
-- 
cgit v0.12

Places

File pan-fix-use-after-free-in-main.patch of Package pan

Places