Date: Mon, 16 May 2016 05:05:47 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 209538] use-after-free bug in nscd cache_read() - Coverity CID 1006083 Message-ID: <bug-209538-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D209538 Bug ID: 209538 Summary: use-after-free bug in nscd cache_read() - Coverity CID 1006083 Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Only Me Priority: --- Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: truckman@FreeBSD.org Created attachment 170339 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D170339&action= =3Dedit patch to fix use-after-free error in nscd Coverity flagged a use-after-free error in the nscd cache_read function. It noticed that find_res->value is getting freed before it gets passed to memcpy(). It looks like the problem is a missing return (-1) inside the if (find_res->fifo_policy_item->last_request_time.tv_sec - find_res->fifo_policy_item->creation_time.tv_sec common_entry->common_params.max_lifetime.tv_sec) { block. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-209538-8>