Date: Tue, 17 Nov 2020 04:39:52 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 251203] net/netatalk3 Use after free in get_tm_used() Message-ID: <bug-251203-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D251203 Bug ID: 251203 Summary: net/netatalk3 Use after free in get_tm_used() Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: marcus@FreeBSD.org Reporter: freebsd@quinteiro.org Assignee: marcus@FreeBSD.org Flags: maintainer-feedback?(marcus@FreeBSD.org) Created attachment 219761 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D219761&action= =3Dedit Clang address sanitizer report If get_tm_used encounters a directory with a name ending in "sparsebunlde", and the logged-in user does not have execute permission on that directory, we destroy the infoplist bstring we created, and move on to the next entry. Unfortunately, we do not set infoplist to NULL, and trying to bdestroy infoplist at cleanup time causes an attempted read of bstring->slen in a region that was freed. Found with Clang's address sanitizer. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-251203-7788>