-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security]: duplicate with #1180 #1216
Comments
I am pretty sure this is not same issue as #1165. and I am not able to reproduce your case. Also seems like our code base is different. |
However I found memleak case when testing your raw data. Thank you bro!! |
I test and invesigate it on the newest banch, and here's what happened. If necessary, I can provide a dockerfile to make sure the environment and code are the same.
Glad to hear that. Is the following the same as what you found? If so, please ignore this message. |
This seems like a similar issue with #1180\ |
I mean, any your advice on how to debug this memleak would be appreciated. |
All bugs spotted by this issue have been fixed. |
Describe the bug
Hi!
Similar to previous #1165, this should be one UAF due to condition contention in the latest branch (both for NanoMQ && NanoNNG).
In fact, this vulnerability was committed to #1165#issuecomment and all of them have been fixed. But it seems that the problem is still present in the latest branch, either because of a situation that bypasses the patch or because they are caused by something more specific, so I opened this issue.
The following information is provided to facilitate reproduction.
To Reproduce
If possible include actual reproduction test code here.
Minimal C test cases are perferred.
Environment Details
UAF_nmq_mqtt_c_404.zip
The text was updated successfully, but these errors were encountered: