| Summary: | =sys-apps/ed-1.14: invalid free | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | base-system |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2017/01/12/5 | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=605638 | ||
| Whiteboard: | ~2 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
commit 3a9ec6527ccb64f9ca04bba9c8f7aab5040ffca3 Author: Lars Wendler <polynomial-c@gentoo.org> Date: Fri Jan 13 21:29:32 2017 sys-apps/ed: Security cleanup (bug #605552). Package-Manager: Portage-2.3.3, Repoman-2.3.1 This bug only affects =sys-apps/ed-1.14 (which I just cleaned up) and not the current stable candidate =sys-apps/ed-1.13 (see bug #605012) Only one affected package, which was never marked stable, so vulnerability rating reflects that. |
From ${URL} : ed 1.14.1 fixes an invalid free, reported here: https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html Reproducer: echo -e "H\n?\{" | ed Found with afl. ed 1.14.1 didn't show any more issues with afl/asan fuzzing. Not sure if there's any scenario where ed is used with untrusted input. ed isn't developed in a version control system, therefore I can't link to a commit, but the patch to fix it is this: --- a/regex.c 2017-01-06 02:06:04.000000000 +0100 +++ b/regex.c 2017-01-09 17:09:51.000000000 +0100 @@ -135,7 +135,6 @@ static regex_t * get_compiled_regex( con char buf[80]; regerror( n, exp, buf, sizeof buf ); set_error_msg( buf ); - free( exp ); exp = 0; } return exp; @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.