Nmap Development mailing list archives

Re: Use-after-free in portlist.cc


From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 4 Feb 2015 14:46:00 -0600

Mak,

Thanks for the report. Fixed in r33979.

Dan

On Wed, Feb 4, 2015 at 1:42 PM, Mak Kolybabi <mak () kolybabi com> wrote:

I'm messing about with some static analyzers today, and slowly slogging
through a list of mostly-crazy false positives. One result, however,
looks legit:

https://github.com/nmap/nmap/blob/master/portlist.cc#L718-736

If a non-null answer is passed in, it is freed, and then later if
o.verbose is set it dereferences the previously-freed answer twice.

I'll be continuing to go through these results, and more emails will
follow if I find anything else of interest.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
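
The bug shape described in the report (a buffer is freed, then read on a verbose-only path), as an added C example that is not Nmap's code and not part of the original thread. The names `record_answer`, `record_answer_buggy`, `verbose`, `last_log` and `dup_str` are hypothetical, and the unsafe variant is compiled only when `SHOW_BUGGY` is defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int verbose = 1;     /* hypothetical stand-in for the o.verbose flag */
static char last_log[128];  /* captures the log line so callers can inspect it */

const char *get_last_log(void) { return last_log; }

static char *dup_str(const char *s) {   /* portable strdup replacement */
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL) memcpy(p, s, n);
    return p;
}

#ifdef SHOW_BUGGY
/* Unsafe shape from the report: 'answer' is freed, then read twice under verbose. */
int record_answer_buggy(char **slot, char *answer) {
    if (answer != NULL) {
        free(*slot);
        *slot = dup_str(answer);
        free(answer);                       /* ownership released here */
    }
    if (verbose)                            /* both reads touch freed memory */
        snprintf(last_log, sizeof last_log, "answer=%s (len %zu)",
                 answer, strlen(answer));
    return 0;
}
#endif

/* Hardened shape: finish every read before free(), then clear the caller's pointer. */
int record_answer(char **slot, char **answer) {
    if (answer == NULL || *answer == NULL) return -1;
    char *copy = dup_str(*answer);
    if (copy == NULL) return -1;
    if (verbose)
        snprintf(last_log, sizeof last_log, "answer=%s (len %zu)",
                 *answer, strlen(*answer));
    free(*slot);            /* drop the previously stored value */
    *slot = copy;
    free(*answer);
    *answer = NULL;         /* no dangling pointer is left behind */
    return 0;
}
```

Because the unsafe read only happens when the verbose flag is set, a default test run never reaches it; building the unsafe variant with AddressSanitizer (`-fsanitize=address`) and exercising the verbose path is one way to confirm this class of finding.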
