Commit

Fix double free().
Found by Brian 'geeknik' Carpenter using AFL.
0-wiz-0 committed Aug 14, 2017
1 parent f0b8dda commit 2217022
Showing 2 changed files with 1 addition and 3 deletions.
1 change: 1 addition & 0 deletions THANKS
Expand Up @@ -12,6 +12,7 @@ BALATON Zoltan <balaton@eik.bme.hu>
Benjamin Gilbert <bgilbert@backtick.net>
Boaz Stolk <bstolk@aweta.nl>
Bogdan <bogiebog@gmail.com>
Brian 'geeknik' Carpenter <geeknik@protonmail.ch>
Chris Nehren <cnehren+libzip@pobox.com>
Coverity <info@coverity.com>
Dane Springmeyer <dane.springmeyer@gmail.com>
3 changes: 0 additions & 3 deletions lib/zip_dirent.c
Expand Up @@ -579,9 +579,6 @@ _zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, boo
}

if (!_zip_dirent_process_winzip_aes(zde, error)) {
if (!from_buffer) {
_zip_buffer_free(buffer);
}
return -1;
}
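
Review bot: The `return -1;` left under `if (!_zip_dirent_process_winzip_aes(zde, error)) {` is only leak-free if `buffer` was already released earlier in `_zip_dirent_read` for the `!from_buffer` case, and nothing in the visible context documents that. A short comment at this return stating that `buffer` is no longer owned at this point, or setting the pointer to NULL at the place where it is freed, would keep a later error path from reintroducing the same `if (!from_buffer) { _zip_buffer_free(buffer); }` cleanup. Since the commit message says the bug was found with AFL, adding the triggering input as a regression test would also be worth doing.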


2 comments on commit 2217022

@l2dy l2dy commented on 2217022 Oct 8, 2017

This has been assigned CVE-2017-12858.

@abergmann abergmann commented on 2217022 Feb 10, 2021

This commit got referenced with CVE-2019-17582.

NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."
