https://bugzilla.mindrot.org/show_bug.cgi?id=1539
Summary: double-free when failing to parse a forwarding
specification given using ~C
Product: Portable OpenSSH
Version: 5.1p1
Platform: ix86
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=50533
0
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs@mindrot.org
ReportedBy: cjwatson@debian.org
Created an attachment (id=1581)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1581)
fix double-free if parsing forwarding specification fails
Arthur de Jong reported that ssh can be made to crash with a
double-free as follows:
% ssh somehost
[...]
% ~C
ssh> -L *.80:localhost:80
Bad forwarding specification.
*** glibc detected *** ssh: double free or corruption (fasttop):
0xb95431b0 ***
This is because parse_forward frees fwd->connect_host and
fwd->listen_host but doesn't set them to NULL, and so process_cmdline
tries to free them again. Patch attached.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
Summary: double-free when failing to parse a forwarding
specification given using ~C
Product: Portable OpenSSH
Version: 5.1p1
Platform: ix86
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=50533
0
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs@mindrot.org
ReportedBy: cjwatson@debian.org
Created an attachment (id=1581)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1581)
fix double-free if parsing forwarding specification fails
Arthur de Jong reported that ssh can be made to crash with a
double-free as follows:
% ssh somehost
[...]
% ~C
ssh> -L *.80:localhost:80
Bad forwarding specification.
*** glibc detected *** ssh: double free or corruption (fasttop):
0xb95431b0 ***
This is because parse_forward frees fwd->connect_host and
fwd->listen_host but doesn't set them to NULL, and so process_cmdline
tries to free them again. Patch attached.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs