Thanks. Ticket open at https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7633
-- Kevin A. McGrail VP Fundraising, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 On Wed, Sep 19, 2018 at 1:25 PM Ondřej Lysoněk <[email protected]> wrote: > Hi, > > the following patch fixes a potential use after free in getopt.c, > recently introduced by mistake it seems. 'opt' is assigned to > 'spamc_optarg' so that it can be used later, so it can't possibly > be freed here. > > This applies both to trunk and 3.4. > > Index: spamc/getopt.c > =================================================================== > --- spamc/getopt.c (revision 1841353) > +++ spamc/getopt.c (working copy) > @@ -274,7 +274,6 @@ > } else if(longopts[i].has_arg == optional_argument) { > if(((spamc_optind < argc) && (argv[spamc_optind]) && > (argv[spamc_optind][0] != '-')) || > (opt != NULL)) { > - free(opt); > if(opt != NULL) { > spamc_optarg = opt; > } else { > =================================================================== > > Kind regards > Ondřej Lysoněk >
