[PATCH] Fix potential use after free in uidswap.c (portable)
Darren Tucker
dtucker at zip.com.au
Tue Jun 23 12:53:39 AEST 2015
On Mon, Jun 22, 2015 at 11:36 AM, Darren Tucker <dtucker at zip.com.au> wrote:
> On Sun, Jun 21, 2015 at 12:31 AM, Albert S. <mail at quitesimple.org> wrote:
>
>> Fixes a potential (but probably rather unlikely) use after free bug in
>> function temporarily_use_uid(), file uidswap.c.
>>
>
> Does seem unlikely (with zero entries there's no reason for it to deref
> the pointer), however reading the man pages it seems like there's no
> guarantee that it won't, so seems reasonable to me. Damien?
>
Thanks, this has been committed and will be in the next release.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list