GHSL-2023-012: Incorrect free when decoding target
Incorrect free when decoding target information (GHSL-2023-012)

Fixes defect GHSL-2023-012 found by the GitHub Security Lab team via oss-fuzz.

The error condition incorrectly assumed the cb and sh buffers would contain a copy of the data that needed to be freed. However that is not the case.

This will generally cause an assertion when trying to free a pointer that was never allocated, and potentially memory corruption depending on the contents of the target_info buffer.

This may cause a DoS condition.

Signed-off-by: Simo Sorce <simo@redhat.com>