
Bug#681888: Patch for CVE-2012-3406



tag 681888 - patch
thanks

On Fri, Sep 21, 2012 at 06:27:38PM +0200, Arne Wichmann wrote:
> tag 681888 + patch
> thanks
> 
> There is a fix for CVE-2012-3406 in
> https://bugzilla.redhat.com/attachment.cgi?id=594722
> 

As already explained earlier before this bug was cloned, I don't think
we should use this patch:

| I'll add the patches for CVE-2012-3404 and CVE-2012-3405 as they come
| from upstream and look correct. For CVE-2012-3406 RedHat, as usual,
| hasn't submitted the patch upstream and thus it hasn't been reviewed. I
| have looked at it quickly and I have to say I don't really like it.
| Replacing a call to alloca() by a call to malloc() without checking the
| return value is only a small improvement when the attacker can control
| the allocation size. Also it means the attacker can DoS the system or
| crash the program. To finish malloc() + memmove() + free() is not the
| best way to reallocate big chunks of memory when realloc() exists.
|
| I am therefore not planning to apply this patch in the current state,
| and thus I am cloning this bug to keep this CVE entry separated from the
| others.

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net
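The two allocation patterns the message above contrasts, as an added example that is not the Red Hat patch, glibc code, or anything from the bug report. The `struct workbuf` type, the `WORKBUF_MAX_BYTES` cap and the `pad_fields` driver (standing in for two padded printf fields) are assumptions made for illustration; the point is that an unchecked `malloc()` hand-off crashes on failure and never bounds the request, while a capped, checked `realloc()` leaves the old buffer intact and returns an error.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy cap on one work buffer, so an absurd request can be refused
 * instead of attempted; a real limit would come from the caller's context. */
#define WORKBUF_MAX_BYTES ((size_t)1 << 20)   /* 1 MiB */

/* Hypothetical growable buffer: starts in the caller's frame, like an
 * alloca()-sized scratch area, and moves to the heap only on demand. */
struct workbuf {
    unsigned char *data;
    size_t len;      /* bytes in use */
    size_t cap;      /* bytes available at data */
    int on_stack;    /* 1 while data still points into the caller's frame */
};

/* The pattern the mail objects to: malloc()'s result goes straight into
 * memmove(), so a request big enough to make malloc() fail is a NULL
 * dereference, and nothing bounds the request. "Before" form only. */
static int grow_unchecked(struct workbuf *wb, size_t needed)
{
    unsigned char *p = malloc(needed);
    memmove(p, wb->data, wb->len);          /* crashes when p == NULL */
    if (!wb->on_stack)
        free(wb->data);
    wb->data = p;
    wb->cap = needed;
    wb->on_stack = 0;
    return 0;
}

/* Checked form: bound the request, leave the stack exactly once, then let
 * realloc() grow in place when it can. On failure the old buffer stays
 * valid and owned, and the caller gets -1 instead of a crash. */
static int grow_checked(struct workbuf *wb, size_t needed)
{
    unsigned char *p;

    if (needed <= wb->cap)
        return 0;
    if (needed > WORKBUF_MAX_BYTES)
        return -1;                          /* refuse attacker-chosen sizes */
    if (wb->on_stack) {
        p = malloc(needed);                 /* realloc() cannot take a stack pointer */
        if (p == NULL)
            return -1;
        memcpy(p, wb->data, wb->len);
        wb->on_stack = 0;
    } else {
        p = realloc(wb->data, needed);
        if (p == NULL)
            return -1;
    }
    wb->data = p;
    wb->cap = needed;
    return 0;
}

/* Append n copies of c; -1 means refused or out of memory, buffer unchanged. */
static int workbuf_append_fill(struct workbuf *wb, unsigned char c, size_t n)
{
    if (n > SIZE_MAX - wb->len)
        return -1;                          /* len + n would wrap */
    if (grow_checked(wb, wb->len + n) != 0)
        return -1;
    memset(wb->data + wb->len, c, n);
    wb->len += n;
    return 0;
}

static void workbuf_release(struct workbuf *wb)
{
    if (!wb->on_stack)
        free(wb->data);
    wb->data = NULL;
}

/* Driver for two consecutive padded fields of widths w1 and w2.
 * Returns the final length, or -1 if either width was refused. */
static long pad_fields(size_t w1, size_t w2)
{
    unsigned char scratch[64];              /* the alloca()-style fast path */
    struct workbuf wb = { scratch, 0, sizeof scratch, 1 };
    long result = -1;

    if (workbuf_append_fill(&wb, ' ', w1) == 0 &&
        workbuf_append_fill(&wb, ' ', w2) == 0)
        result = (long)wb.len;
    workbuf_release(&wb);
    return result;
}

int main(void)
{
    unsigned char scratch[16];
    struct workbuf wb = { scratch, 0, sizeof scratch, 1 };

    grow_unchecked(&wb, 32);                /* fine only while malloc() happens to succeed */
    workbuf_release(&wb);
    printf("stack only: %ld\n", pad_fields(10, 20));
    printf("heap grow:  %ld\n", pad_fields(100, 1000));
    printf("refused:    %ld\n", pad_fields(WORKBUF_MAX_BYTES, 1));
    return 0;
}
```

The cap is the part that actually removes the denial-of-service the message mentions: without it, a checked `malloc()` still lets the caller pick an arbitrary allocation size, it just fails cleanly instead of crashing.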

