oss-sec mailing list archives
Re: Exim 4.95 invalid free
From: Evgeny Legerov <admin () vulndisco cc>
Date: Sun, 7 Aug 2022 18:20:11 +0300
Hi,

Here is another interesting piece of code in Exim 4.96. I really doubt that it is exploitable, but if someone manages to reproduce at least an ASAN crash, it would be great.

SPF_dns_exim_new(int debug)
{
memset(spf_dns_server, 0, sizeof(SPF_dns_server_t));
spf_dns_server->destroy = NULL;
spf_dns_server->lookup = SPF_dns_exim_lookup;
spf_dns_server->get_spf = NULL;
spf_dns_server->get_exp = NULL;
spf_dns_server->add_cache = NULL;
spf_dns_server->layer_below = NULL;
spf_dns_server->name = "exim";
spf_dns_server->debug = debug;

spf_nxdomain = SPF_dns_rr_new_init(spf_dns_server, "", ns_t_any, 24 * 60 * 60, HOST_NOT_FOUND);
if (!spf_nxdomain)
  {
  free(spf_dns_server);
  return NULL;
  }

If SPF_dns_rr_new_init() fails, spf_dns_server will be freed with free().

regards,
-e

On 06.08.2022 22:25, Solar Designer wrote:
> On Sat, Aug 06, 2022 at 08:47:21PM +0200, Solar Designer wrote:
> > Yet I understand we cannot really ask you for more, and a brief link-only heads-up is better than none.
>
> When I wrote the above, I didn't realize these two bugs (in zlib and Exim) were Evgeny's own findings. Now that I do, I think it isn't unreasonable for us to ask Evgeny to include the full detail in such postings going forward. We'd appreciate that, Evgeny!
>
> Alexander
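The failure path Evgeny points at, as an added illustration that is not Exim's code: the snippet does not show how spf_dns_server is allocated, so this assumes it comes from a pool allocator (Exim keeps its own store pool), which is exactly the case where free() on it is an invalid free. The struct, pool_get, rr_new_init, rr_init_fails and both dns_new_* functions are constructed stand-ins, shown as the buggy error path beside the corrected one.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for SPF_dns_server_t with only the fields used here. */
typedef struct { const char *name; int debug; } dns_server_t;

/* Hypothetical bump allocator standing in for a pool allocator: the memory
 * comes from a static arena and was never returned by malloc(). */
static unsigned char pool[256];
static size_t pool_used;
static void *pool_get(size_t n)
{
    if (pool_used + n > sizeof pool) return NULL;
    void *p = pool + pool_used;
    pool_used += n;
    return p;
}

/* Stub for the record initialiser whose failure takes the error path;
 * the flag lets a caller force that failure deterministically. */
bool rr_init_fails;
static int rr_new_init(dns_server_t *s) { (void)s; return rr_init_fails ? 0 : 1; }

/* BUGGY: same shape as the snippet's error path, free() on pool memory.
 * Undefined behaviour: glibc typically aborts with "free(): invalid pointer"
 * and ASAN reports "attempting free on address which was not malloc()-ed". */
dns_server_t *dns_new_buggy(int debug)
{
    dns_server_t *s = pool_get(sizeof *s);
    if (!s) return NULL;
    memset(s, 0, sizeof *s);
    s->name = "exim"; s->debug = debug;
    if (!rr_new_init(s)) { free(s); return NULL; }   /* invalid free */
    return s;
}

/* FIXED: the error path only returns. Pool memory belongs to the pool's
 * owner, so no deallocator is called that does not match the allocator. */
dns_server_t *dns_new_fixed(int debug)
{
    dns_server_t *s = pool_get(sizeof *s);
    if (!s) return NULL;
    memset(s, 0, sizeof *s);
    s->name = "exim"; s->debug = debug;
    if (!rr_new_init(s)) return NULL;                /* no free() */
    return s;
}
```

Only the fixed function is safe to drive through its failure branch; the buggy one is there for side-by-side reading, and running it with rr_init_fails set is what reproduces the invalid free under ASAN.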