Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2017-6384: saslserv/main: free sasl_sourceinfo_t after use #539

Merged
merged 1 commit into from Feb 4, 2017

Conversation

mniip
Copy link
Contributor

@mniip mniip commented Feb 3, 2017

==9829== 136 bytes in 1 blocks are definitely lost in loss record 440 of 447
==9829==    at 0x4C2CA40: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9829==    by 0x52C109A: smalloc (memory.c:35)
==9829==    by 0xC487B92: sasl_sourceinfo_create (main.c:274)
==9829==    by 0xC4887F0: login_user (main.c:605)
==9829==    by 0xC4887F0: sasl_packet.constprop.6 (main.c:467)
==9829==    by 0xC488E6B: sasl_input (main.c:347)
==9829==    by 0x52BE5AD: hook_call_event (hook.c:192)
==9829==    by 0x6FDED40: m_encap.part.15 (ts6-generic.c:1304)
==9829==    by 0x71E3CDA: irc_parse (parse.c:176)
==9829==    by 0x52C31FD: irc_recvq_handler (packet.c:55)
==9829==    by 0x52BB010: recvq_put (datastream.c:266)
==9829==    by 0x5081762: mowgli_epoll_eventloop_select (epoll_pollops.c:188)
==9829==    by 0x50823A3: mowgli_simple_eventloop_timeout_once (null_pollops.c:57)

@siniStar7 siniStar7 merged commit 5150504 into atheme:master Feb 4, 2017
@anarcat
Copy link

anarcat commented Feb 8, 2017

was a CVE requested for this yet?

@mniip
Copy link
Contributor Author

mniip commented Feb 8, 2017

Requested, yes

@anarcat
Copy link

anarcat commented Feb 8, 2017 via email

@carnil
Copy link

carnil commented Feb 23, 2017

@mniip, @anarcat any news heard about the CVE assignment?

@anarcat
Copy link

anarcat commented Feb 23, 2017

@carnil didn't find or hear anything about this myself.

@mniip
Copy link
Contributor Author

mniip commented Feb 28, 2017

Sorry, I got somewhat busy with life. Per amdj's advice I'll rerequest now.

@mniip mniip changed the title saslserv/main: free sasl_sourceinfo_t after use CVE-2017-6384: saslserv/main: free sasl_sourceinfo_t after use Feb 28, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants