[Bug 251203] net/netatalk3 Use after free in get_tm_used()

Tue Nov 17 04:39:52 UTC 2020

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251203

            Bug ID: 251203
           Summary: net/netatalk3 Use after free in get_tm_used()
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: marcus at FreeBSD.org
          Reporter: freebsd at quinteiro.org
          Assignee: marcus at FreeBSD.org
             Flags: maintainer-feedback?(marcus at FreeBSD.org)

Created attachment 219761
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=219761&action=edit
Clang address sanitizer report

If get_tm_used encounters a directory with a name ending in
"sparsebunlde", and the logged-in user does not have execute permission
on that directory, we destroy the infoplist bstring we created, and
move on to the next entry. Unfortunately, we do not set infoplist to
NULL, and trying to bdestroy infoplist at cleanup time causes an
attempted read of bstring->slen in a region that was freed.

Found with Clang's address sanitizer.

-- 
You are receiving this mail because:
You are the assignee for the bug.