Your message dated Fri, 19 Dec 2014 15:00:12 -0500
with message-id <[email protected]>
and subject line Re: [Pkg-gnupg-maint] Bug#773414: gpg use-after-free
has caused the Debian Bug report #773414,
regarding gpg use-after-free
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
773414: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773414
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnupg2
Version: 2.1.1
Severity: normal
Hi,
In 'iobuf.c' on lines 1131-1133, there is a use-after-free if DBG_IOBUF
is enabled.
Thanks,
--
-- Joshua Rogers <https://internot.info/>
--- End Message ---
--- Begin Message ---
https://bugs.debian.org/773414, Joshua Rogers wrote:
> Package: gnupg2
> Version: 2.1.1
> Severity: normal
>
> In 'iobuf.c' on lines 1131-1133, there is a use-after-free if DBG_IOBUF
> is enabled.
That code is:
1121 int
1122 iobuf_close (iobuf_t a)
1123 {
1124 iobuf_t a2;
1125 size_t dummy_len = 0;
1126 int rc = 0;
1127
1128 if (a && a->directfp)
1129 {
1130 fclose (a->directfp);
1131 xfree (a->real_fname);
1132 if (DBG_IOBUF)
1133 log_debug ("iobuf_close -> %p\n", a->directfp);
1134 return 0;
1135 }
This is not a use-after-free; iobuf_t.directfp is used to store a FILE*,
and the log_debug call prints its address, even though it has been freed.
This is not an unreasonable thing to do when DBG_IOBUF is set.
It would be even more reasonable if the FILE* itself was emitted
elsewhere in the code (e.g. for matching up fopen and fclose calls), but
it's not being dereferenced at all.
I'm closing this, because it is not a bug.
--dkg
signature.asc
Description: OpenPGP digital signature
--- End Message ---
