
Fixing double free bug in opencdk8/etch



Hello,
I would like to fix a double-free bug in opencdk 0.5.9
(debdiff attached); the patch is a one-liner. I would upload 0.5.10
if it was not frozen.
cu and-
-reas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde
diff -u opencdk8-0.5.9/debian/changelog opencdk8-0.5.9/debian/changelog
--- opencdk8-0.5.9/debian/changelog
+++ opencdk8-0.5.9/debian/changelog
@@ -1,3 +1,11 @@
+opencdk8 (0.5.9-2) unstable; urgency=low
+
+  [ Andreas Metzler ]
+  * Add a watchfile.
+  * Pulled from 0.5.10: Fix doublefree in keylist.c.
+
+ -- Andreas Metzler <ametzler@debian.org>  Sat, 21 Oct 2006 13:32:46 +0200
+
 opencdk8 (0.5.9-1) unstable; urgency=low
 
   [ James Westby ]
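Review bot: the entry "Pulled from 0.5.10: Fix doublefree in keylist.c." names only the file; for a memory-safety fix being proposed during a freeze, name the affected function (cdk_pklist_encrypt, per the report quoted in the patch header) and carry the upstream thread URL into the changelog so the release team can trace the fix without opening debian/patches.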
only in patch2:
unchanged:
--- opencdk8-0.5.9.orig/debian/watch
+++ opencdk8-0.5.9/debian/watch
@@ -0,0 +1,2 @@
+version=3
+ftp://ftp.gnutls.org/pub/crypto/gnutls/opencdk/opencdk-(.*)\.tar\.gz debian uupdate
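Review bot: the version capture `(.*)` in the watch line is unrestricted, so it matches anything between `opencdk-` and `.tar.gz`, including pre-release or otherwise suffixed tarball names; a stricter pattern such as `([\d.]+)` keeps uscan from reporting such files as newer upstream versions.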
only in patch2:
unchanged:
--- opencdk8-0.5.9.orig/debian/patches/02-keylist-doublefree.patch
+++ opencdk8-0.5.9/debian/patches/02-keylist-doublefree.patch
@@ -0,0 +1,32 @@
+ http://lists.gnupg.org/pipermail/gnutls-dev/2006-October/001248.html
+ "Adam Langley" <agl at imperialviolet.org> writes:
+
+ > (I hope opencdk is on topic for this list)
+ 
+ Yes.
+ 
+ > Line numbers from opencdk-0.5.9
+ >
+ > in keylist.c:cdk_pklist_encrypt:287
+ >
+ > This call to cdk_pklist_encrypt also causes enc to be free'ed, however
+ > the pointer here isn't NULLed out so it's double free'ed at line 294
+ >
+ > Suggested (e.g. it works for me): set enc to NULL after cdk_pklist_encrypt
+ 
+ I assume you meant after cdk_pkt_write?  That would make more sense.
+ 
+ I'll be releasing opencdk 0.5.10 later today, so if you, or anyone
+ else, have time, please check if CVS works fine.
+ 
+ /Simon
+--- opencdk-0.5.9/src/keylist.c	2006-08-06 15:13:07.000000000 +0200
++++ opencdk-0.5.10/src/keylist.c	2006-10-11 16:07:42.000000000 +0200
+@@ -285,6 +285,7 @@
+             pkt->pkt.pubkey_enc = enc;
+             rc = cdk_pkt_write( outp, pkt );
+             cdk_pkt_free( pkt );
++	    enc = NULL; /* free'd by cdk_pkt_free() */
+             if( rc )
+                 break;
+ 	}
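Review bot: nothing in the debdiff registers 02-keylist-doublefree.patch with the patch system (no debian/patches/00list or series change is shown), so confirm the patch is actually applied at build time, for example by checking the build log for the keylist.c hunk. The fix itself depends on the later free of `enc` (line 294 in the quoted report) tolerating a NULL pointer; that call site is not part of the hunk, so verify it is NULL-safe before relying on `enc = NULL;`. Minor: the added line is indented with a tab where the surrounding lines use spaces.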
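The bug pattern described in the quoted gnutls-dev exchange, as an added example that is neither opencdk code nor part of the message above: a caller hands a freshly allocated buffer to a container whose free routine also releases that buffer, and then frees the buffer again from its own trailing cleanup. The struct and function names (enc_t, pkt_t, pkt_write, pkt_free, run_encrypt, live_blocks) are hypothetical stand-ins for the opencdk types and cdk_* calls, and the small instrumented allocator exists only so the second free is counted instead of corrupting the heap. The same loop is run with and without the one-line fix, on both the normal path and the early-break path taken when the write fails.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for opencdk's pubkey_enc payload and the packet
 * that carries it; the real cdk_* structs and functions are not reproduced. */
typedef struct { unsigned char session_key[32]; } enc_t;
typedef struct { enc_t *pubkey_enc; } pkt_t;

/* Instrumented allocator: a pointer is "live" from tracked_alloc() until
 * tracked_free(). Freeing a pointer that is no longer live is recorded as a
 * double free and NOT passed to free(), so the bug is observable. */
#define MAX_LIVE 32
static void *live[MAX_LIVE];
static int nlive;
static int double_frees;

static void *tracked_alloc(size_t n)
{
    void *p = calloc(1, n);
    if (p && nlive < MAX_LIVE)
        live[nlive++] = p;
    return p;
}

static void tracked_free(void *p)
{
    if (!p)
        return;                 /* free(NULL) is a no-op; this is what makes "enc = NULL" safe */
    for (int i = 0; i < nlive; i++) {
        if (live[i] == p) {
            live[i] = live[--nlive];
            free(p);
            return;
        }
    }
    double_frees++;             /* block already released: a second free of the same pointer */
}

/* The container owns its payload: freeing the packet frees pubkey_enc too.
 * That ownership transfer is what the caller in 0.5.9 overlooked. */
static void pkt_free(pkt_t *pkt)
{
    if (!pkt)
        return;
    tracked_free(pkt->pubkey_enc);
    tracked_free(pkt);
}

/* Stand-in for cdk_pkt_write(): fails on iteration fail_at (-1 = never fails). */
static int pkt_write(const pkt_t *pkt, int i, int fail_at)
{
    return (pkt && pkt->pubkey_enc && i != fail_at) ? 0 : -1;
}

/* Runs the encrypt loop for nkeys recipients; fixed=1 applies the one-line
 * fix. Returns the number of double frees observed (0 means none), or -1 on
 * allocation failure. */
int run_encrypt(int fixed, int nkeys, int fail_at)
{
    enc_t *enc = NULL;
    int rc = 0;

    nlive = 0;
    double_frees = 0;

    for (int i = 0; i < nkeys; i++) {
        pkt_t *pkt;
        enc = tracked_alloc(sizeof *enc);
        pkt = tracked_alloc(sizeof *pkt);
        if (!enc || !pkt) {
            tracked_free(enc);
            tracked_free(pkt);
            return -1;
        }
        pkt->pubkey_enc = enc;  /* ownership of enc now belongs to pkt ... */
        rc = pkt_write(pkt, i, fail_at);
        pkt_free(pkt);          /* ... so pkt_free() releases enc along with pkt */
        if (fixed)
            enc = NULL;         /* the 0.5.10 fix: drop the dangling alias right here */
        if (rc)
            break;              /* early exit still reaches the trailing cleanup below */
    }
    tracked_free(enc);          /* 0.5.9's trailing cleanup: second free unless enc is NULL */
    return double_frees;
}

/* Blocks still allocated after run_encrypt(): 0 means the fix introduces no leak. */
int live_blocks(void)
{
    return nlive;
}

int main(void)
{
    printf("unfixed, 3 keys:            %d double free(s)\n", run_encrypt(0, 3, -1));
    printf("unfixed, write fails at 1:  %d double free(s)\n", run_encrypt(0, 3, 1));
    printf("fixed,   3 keys:            %d double free(s)\n", run_encrypt(1, 3, -1));
    printf("fixed,   write fails at 1:  %d double free(s), %d block(s) live\n",
           run_encrypt(1, 3, 1), live_blocks());
    return 0;
}
```

The point the example makes explicit is that the fix must sit immediately after the call that consumes the pointer (pkt_free here, cdk_pkt_free in the patch), before the `if (rc) break;`, so that the error path and the normal path both reach the trailing cleanup with a NULL alias; it also shows why the fix is only sound if that trailing free is NULL-tolerant.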
