Moving discussion to #700805.

On Sun, Feb 24, 2013 at 11:31:03AM +0100, Niels Thykier wrote:
> On 2013-02-24 11:04, Thijs Kinkhorst wrote:
> >> As mentioned in #700805, this line introduces a memory leak if realloc
> >> fails for any reason.
> >
> > Upstream has committed a fix for the issue but also concluded that this
> > causing real world trouble is not very probable.
> >
>
> Personally, I am not a huge fan of "probably not an issue"-assertions in
> cases like this. If upstream is wrong on this, we will have another CVE
> on our hands.
>
> [...]
>
> Mike, once openconnect/3.20-3 has migrated, you are welcome to upload a
> -4 fixing this possible memory leak (actually I would appreciate it).

Yes, I can do that later this week after 3.20-3 transitions. I'd prefer
to apply the upstream fix [1] as is, which touches all reallocs as
possible leaks, ok with you? Or should I limit it to the realloc in this
latest diff as reported?

[1] http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/8dad4f3ad009e45bbd1ba21f1bd03d3f7639deab

Thanks,
--
mike
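
The leak pattern discussed in this thread (assigning realloc's result straight back to the only pointer to the block), shown beside a form that does not leak. This is an added example, not part of the original messages and not the upstream openconnect fix; the `hook_realloc`/`hook_free` wrappers, `struct buf` and the sample strings are constructed so the failure path can be exercised.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed test hooks: fail one realloc on demand, count live blocks. */
static int fail_next, live_blocks;
static void *last_block;
static void *hook_realloc(void *p, size_t n) {
    if (fail_next) { fail_next = 0; return NULL; } /* old block stays valid */
    void *q = realloc(p, n);
    if (q) { if (!p) live_blocks++; last_block = q; }
    return q;
}
static void hook_free(void *p) { if (p) { live_blocks--; free(p); } }

struct buf { char *data; size_t len; };
/* Leaky: on failure the only pointer to the old block is overwritten. */
static int append_leaky(struct buf *b, const char *s, size_t n) {
    b->data = hook_realloc(b->data, b->len + n);
    if (!b->data) { b->len = 0; return -1; }
    memcpy(b->data + b->len, s, n);
    b->len += n;
    return 0;
}

/* Safe: keep the old pointer until realloc succeeds, free it on failure. */
static int append_safe(struct buf *b, const char *s, size_t n) {
    char *tmp = hook_realloc(b->data, b->len + n);
    if (!tmp) { hook_free(b->data); b->data = NULL; b->len = 0; return -1; }
    memcpy(tmp + b->len, s, n);
    b->data = tmp;
    b->len += n;
    return 0;
}

/* Fail the second growth, run caller cleanup, return blocks still allocated. */
static int leaked_after_failure(int (*append)(struct buf *, const char *, size_t)) {
    struct buf b = { NULL, 0 };
    live_blocks = 0;
    append(&b, "abcd", 4);
    fail_next = 1;
    append(&b, "efgh", 4);
    hook_free(b.data);              /* caller's normal cleanup */
    int leaked = live_blocks;
    if (leaked) free(last_block);   /* harness only: release the orphan */
    return leaked;
}
int main(void) {
    printf("leaky=%d ", leaked_after_failure(append_leaky));
    printf("safe=%d\n", leaked_after_failure(append_safe));
}
```

Freeing the old block on failure is one policy; a caller that wants to keep the existing data can instead leave `b->data` untouched and return the error.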