diff options
author | Ludovic Courtès <ludo@gnu.org> | 2022-05-26 17:11:20 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2022-05-26 17:11:20 +0200 |
commit | 7097e98586df3110b80943a88c27804d65f214fa (patch) | |
tree | 2e244b9fc19acc569d6abd42306aaf013f02da0d /gnu/packages/patches/ytnef-CVE-2021-3403.patch | |
parent | 15870cc08d20501e3526fa892111a43ae9e3e02f (diff) | |
parent | 4577f3c6b60ea100e521c246fb169d6c05214b20 (diff) | |
download | guix-patches-7097e98586df3110b80943a88c27804d65f214fa.tar guix-patches-7097e98586df3110b80943a88c27804d65f214fa.tar.gz |
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches/ytnef-CVE-2021-3403.patch')
-rw-r--r-- | gnu/packages/patches/ytnef-CVE-2021-3403.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/gnu/packages/patches/ytnef-CVE-2021-3403.patch b/gnu/packages/patches/ytnef-CVE-2021-3403.patch deleted file mode 100644 index 4b1c9d659f..0000000000 --- a/gnu/packages/patches/ytnef-CVE-2021-3403.patch +++ /dev/null @@ -1,32 +0,0 @@ -From f2380a53fb84d370eaf6e6c3473062c54c57fac7 Mon Sep 17 00:00:00 2001 -From: Oliver Giles <ohw.giles@gmail.com> -Date: Mon, 1 Feb 2021 10:12:16 +1300 -Subject: [PATCH] Prevent potential double-free in TNEFSubjectHandler - -If TNEFSubjectHandler is called multiple times, but the last time -failed due to the PREALLOCCHECK, the subject.data member will be -a freed, but invalid pointer. To prevent a double-free next time -TNEFSubjectHandler is entered, set it to zero after freeing. - -Resolves: #85 -Reported-by: jasperla ---- - lib/ytnef.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/lib/ytnef.c b/lib/ytnef.c -index b148719..b06c807 100644 ---- a/lib/ytnef.c -+++ b/lib/ytnef.c -@@ -301,8 +301,10 @@ int TNEFFromHandler STD_ARGLIST { - } - // ----------------------------------------------------------------------------- - int TNEFSubjectHandler STD_ARGLIST { -- if (TNEF->subject.data) -+ if (TNEF->subject.data) { - free(TNEF->subject.data); -+ TNEF->subject.data = NULL; -+ } - - PREALLOCCHECK(size, 100); - TNEF->subject.data = calloc(size+1, sizeof(BYTE)); |