diff options
author | Mark Wielaard <mark@klomp.org> | 2019-06-24 00:45:32 +0200 |
---|---|---|
committer | Mark Wielaard <mark@klomp.org> | 2019-06-24 00:58:47 +0200 |
commit | c1cdd98db3238cb711c7d9cdc5671452ce2822cb (patch) | |
tree | ab84c05bb15b96f655c1914a9907a38c4d76f0fe | |
parent | 833548edc0eb4af85ce8da193835f0f31a6c300f (diff) | |
download | bzip2-c1cdd98db3238cb711c7d9cdc5671452ce2822cb.tar.gz bzip2-c1cdd98db3238cb711c7d9cdc5671452ce2822cb.tar.bz2 bzip2-c1cdd98db3238cb711c7d9cdc5671452ce2822cb.zip |
bzip2recover: Fix use after free issue with outFile.
bzip2recover.c (main): Make sure to set outFile to NULL when done.
This was reported as CVE-2016-3189 and found in multiple distributions.
https://seclists.org/oss-sec/2016/q2/568
Some more analysis can be found in:
https://bugzilla.redhat.com/show_bug.cgi?id=1319648
-rw-r--r-- | bzip2recover.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/bzip2recover.c b/bzip2recover.c index 1a70e04..a955d60 100644 --- a/bzip2recover.c +++ b/bzip2recover.c | |||
@@ -458,6 +458,7 @@ Int32 main ( Int32 argc, Char** argv ) | |||
458 | bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); | 458 | bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); |
459 | bsPutUInt32 ( bsWr, blockCRC ); | 459 | bsPutUInt32 ( bsWr, blockCRC ); |
460 | bsClose ( bsWr ); | 460 | bsClose ( bsWr ); |
461 | outFile = NULL; | ||
461 | } | 462 | } |
462 | if (wrBlock >= rbCtr) break; | 463 | if (wrBlock >= rbCtr) break; |
463 | wrBlock++; | 464 | wrBlock++; |