oss-security - invalid free in GNU ed before 1.14.1

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <20170112121405.563ee9ee@pc1>
Date: Thu, 12 Jan 2017 12:14:05 +0100
From: Hanno Böck <hanno@...eck.de>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: invalid free in GNU ed before 1.14.1

Hi,

ed 1.14.1 fixes an invalid free, reported here:
https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html

Reproducer:
echo -e "H\n?\{" | ed

Found with afl. ed 1.14.1 didn't show any more issues with afl/asan
fuzzing.

Not sure if there's any scenario where ed is used with untrusted input.

ed isn't developed in a version control system, therefore I can't link
to a commit, but the patch to fix it is this:

--- a/regex.c	2017-01-06 02:06:04.000000000 +0100
+++ b/regex.c	2017-01-09 17:09:51.000000000 +0100
@@ -135,7 +135,6 @@ static regex_t * get_compiled_regex( con
     char buf[80];
     regerror( n, exp, buf, sizeof buf );
     set_error_msg( buf );
-    free( exp );
     exp = 0;
     }
   return exp;




-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.