On 2013-02-24 15:07, Mike Miller wrote:
> Moving discussion to #700805.
>
> On Sun, Feb 24, 2013 at 11:31:03AM +0100, Niels Thykier wrote:
>> On 2013-02-24 11:04, Thijs Kinkhorst wrote:
>>>> As mentioned in #700805, this line introduces a memory leak if realloc
>>>> fails for any reason.
>>>
>>> Upstream has committed a fix for the issue but also concluded that this
>>> causing real world trouble is not very probable.
>>>
>>
>> Personally, I am not a huge fan of "probably not an issue"-assertions in
>> cases like this. If upstream is wrong on this, we will have another CVE
>> on our hands.
>>
>> [...]
>>
>> Mike, once openconnect/3.20-3 has migrated, you are welcome to upload a
>> -4 fixing this possible memory leak (actually I would appreciate it).
>
> Yes, I can do that later this week after 3.20-3 transitions. I'd prefer
> to apply the upstream fix [1] as is, which touches all reallocs as
> possible leaks, ok with you? Or should I limit it to the realloc in this
> latest diff as reported?
>
> [1]
> http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/8dad4f3ad009e45bbd1ba21f1bd03d3f7639deab
>
> Thanks,
>

That particular commit looks fine and I would not mind if it was taken as-is.

~Niels