severity 395248 serious
tags 395248 upstream
kthxbye

"Sam Hocevar (Debian packages)" <[EMAIL PROTECTED]> writes:

> ngrep's signal handler, clean_exit(), calls free() and other cleanup
> functions in a non-idempotent way.

Good catch, thanks for the report.

> This is probably a security issue, too, because the data ngrep is
> handling comes from the network, but it does not seem to be easily
> exploitable (famous last words, I know).

At least the various pointers that are double-free'd aren't used for
data that comes from the network...  They also should be reset to NULL,
but that would still leave a (shorter) race condition.

I agree that this is potentially a security issue, so I'm raising the
severity of this report to 'serious'.

I asked ngrep's upstream maintainer for comments, let's see what he
thinks about the problem and your proposed fix.

Thanks,

-- 
  ,''`.
 : :' :        Romain Francoise <[EMAIL PROTECTED]>
 `. `'         http://people.debian.org/~rfrancoise/
   `-
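
The pattern the report describes, next to the flag-based form that avoids both the double free and the race mentioned above. This is an added example and not code from ngrep or from the report; the `struct state`, `unsafe_cleanup`, `safe_cleanup`, `main_loop_step` and `demo` names are hypothetical stand-ins for `clean_exit()` and ngrep's real state.

```c
/* Added example (not ngrep's code): a signal handler that frees memory
 * directly, beside the safer pattern of setting a flag in the handler and
 * running an idempotent cleanup once from the main loop. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical program state standing in for ngrep's buffers. */
struct state {
    char *match_buf;
    char *filter;
    int   cleaned;   /* number of times a cleanup routine was entered */
};

static struct state g_state;

/* --- Pattern the report describes: cleanup runs straight from the handler.
 * If the signal arrives a second time, or while the main path is already
 * inside cleanup, free() is reached twice on the same pointer. Shown for
 * contrast only; never exercised here because it is undefined behaviour. --- */
void unsafe_cleanup(struct state *s)
{
    free(s->match_buf);   /* not reset to NULL: a second call frees again */
    free(s->filter);
    s->cleaned++;
}

void unsafe_handler(int signo)
{
    (void)signo;
    unsafe_cleanup(&g_state);   /* free() is not async-signal-safe either */
    _exit(1);
}

/* --- Hardened form: the handler only records the signal; cleanup is
 * idempotent and runs on the main path with further signals blocked. --- */
static volatile sig_atomic_t got_signal = 0;

static void handler(int signo)
{
    (void)signo;
    got_signal = 1;   /* storing to a sig_atomic_t is all the handler does */
}

/* Idempotent cleanup: pointers are nulled after free, so a repeat is a no-op. */
static void safe_cleanup(struct state *s)
{
    if (s->match_buf) { free(s->match_buf); s->match_buf = NULL; }
    if (s->filter)    { free(s->filter);    s->filter = NULL; }
    s->cleaned++;
}

/* Fill the hypothetical state with constructed heap buffers. */
static void state_init(struct state *s)
{
    s->match_buf = strdup("constructed sample match buffer");
    s->filter    = strdup("constructed sample bpf filter");
    s->cleaned   = 0;
}

/* Install the flag-only handler for SIGINT and SIGTERM. */
static int install_handlers(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGINT, &sa, NULL) < 0) return -1;
    if (sigaction(SIGTERM, &sa, NULL) < 0) return -1;
    return 0;
}

/* One iteration of the main loop: if the flag is set, run cleanup with the
 * signals blocked so a second delivery cannot re-enter it. Returns 1 if
 * cleanup ran, 0 otherwise. */
static int main_loop_step(struct state *s)
{
    if (!got_signal) return 0;
    sigset_t block, old;
    sigemptyset(&block);
    sigaddset(&block, SIGINT);
    sigaddset(&block, SIGTERM);
    sigprocmask(SIG_BLOCK, &block, &old);
    safe_cleanup(s);
    got_signal = 0;
    sigprocmask(SIG_SETMASK, &old, NULL);
    return 1;
}

/* Self-test: raise SIGINT at ourselves, run one loop step, then call cleanup
 * again explicitly. Returns the cleanup count (2) when the handler only set
 * the flag, cleanup ran once from the loop and the repeat freed nothing. */
int demo(void)
{
    state_init(&g_state);
    if (install_handlers() < 0) return -1;
    raise(SIGINT);                         /* handler sets the flag only */
    int ran = main_loop_step(&g_state);    /* cleanup runs here, once */
    safe_cleanup(&g_state);                /* harmless: pointers are NULL */
    return (ran == 1 && g_state.match_buf == NULL) ? g_state.cleaned : -1;
}

int main(void)
{
    int n = demo();
    printf("cleanup entered %d time(s); each buffer freed exactly once\n", n);
    return n == 2 ? 0 : 1;
}
```

Nulling the pointers alone narrows the window but, as noted above, a signal landing between `free()` and the `= NULL` store still double-frees; moving the `free()` calls out of the handler entirely is what closes it.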

