On 2020-06-11 15:59, Otto Moerbeek wrote:
> On Thu, Jun 11, 2020 at 03:15:55PM +0200, Romero Pérez, Abel wrote:
>
> > I've got a:
> >
> > man(13835) in free(): bogus pointer (double free?) 0x22c43c2813b
> >
> > To check please, add the following function to .kshrc and run . ./.kshrc:
> >
> > function man {
> >     set -A array "$@"
> >     tag=${array[$#-1]}
> >     PAGER="" MANPAGER="" /usr/bin/man -T html -c pfctl $@ > /tmp/man.html | lynx /tmp/man.html#$tag
> >     #PAGER="" MANPAGER="" /usr/bin/man -T html -c $@ | lynx -stdin
> > }
> >
> > Then launch on prompt:
> >
> > man id
> >
> > The result if exploited is on screenshot, but on console as follows:
> >
> > foo$ man id
> > Abort trap
> > foo$
>
> This already trips the bug;
>
> man -T html -c pfctl id
>
> No need for a custom man function. No clue yet why.
>
> -Otto

Confirmed, it exploits also with your cmd-line.
