https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7633
Bug ID: 7633
Summary: spamc free on opt likely not good
Product: Spamassassin
Version: 3.4.2
Hardware: PC
OS: Windows NT
Status: NEW
Severity: blocker
Priority: P2
Component: spamc/spamd
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: Undefined
Reported by Ondřej Lysoněk [email protected]
the following patch fixes a potential use after free in getopt.c,
recently introduced by mistake it seems. 'opt' is assigned to
'spamc_optarg' so that it can be used later, so it can't possibly
be freed here.
This applies both to trunk and 3.4.
Index: spamc/getopt.c
===================================================================
--- spamc/getopt.c (revision 1841353)
+++ spamc/getopt.c (working copy)
@@ -274,7 +274,6 @@
} else if(longopts[i].has_arg == optional_argument) {
if(((spamc_optind < argc) && (argv[spamc_optind]) &&
(argv[spamc_optind][0] != '-')) ||
(opt != NULL)) {
- free(opt);
if(opt != NULL) {
spamc_optarg = opt;
} else {
===================================================================
Kind regards
--
You are receiving this mail because:
You are the assignee for the bug.
