[PATCH] Fix for invalid read of size 4 in idna_to_ascii_4z
From: Alessandro Ghedini
Subject: [PATCH] Fix for invalid read of size 4 in idna_to_ascii_4z
Date: Fri, 5 Jun 2015 18:04:51 +0200
User-agent: Mutt/1.5.23 (2014-03-12)

Hello,

this bug was originally reported at [0], but then closed because it isn't
libidn's fault. However, I was able to make a little modification to libidn
that fixed the problem for me.

The change simply involves replacing strlen()+malloc()+strcpy() with strdup()
(see the attached patch), and AFAICT all the tests pass. So I thought that
maybe you wanted to have a look at it and maybe merge it.

You can verify the problem (and that my patch fixes it) by running the
following command from the libidn git repository:

$ ./libtool --mode=execute valgrind src/idn -a 'ουτοπία.δπθ.gr'

Without patch it prints something like:

==24305== Invalid read of size 4
==24305== at 0x4E3A680: idna_to_ascii_4z (idna.c:529)
==24305== by 0x401B51: main (idn.c:374)
==24305== Address 0x5412c6c is 12 bytes inside a block of size 15 alloc'd
==24305== at 0x4C28C20: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24305== by 0x4E3A7D3: idna_to_ascii_4z (idna.c:543)
==24305== by 0x401B51: main (idn.c:374)
==24305==
==24305== Invalid read of size 4
==24305== at 0x4E3A695: idna_to_ascii_4z (idna.c:529)
==24305== by 0x401B51: main (idn.c:374)
==24305== Address 0x5413028 is 24 bytes inside a block of size 25 alloc'd
==24305== at 0x4C2AF2E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24305== by 0x4E3A6FA: idna_to_ascii_4z (idna.c:530)
==24305== by 0x401B51: main (idn.c:374)
Cheers
[0] https://bugs.debian.org/724069
0001-Use-strdup-to-duplicate-a-buffer.patch
Description: Text Data
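
For triaging Memcheck reports like the two quoted in the message, the following added example (not part of the original message or of libidn) parses each "Invalid read/write" record and computes how many bytes of the access fall past the end of the heap block. The function name `parse_memcheck` and the record field names are hypothetical; the log is the one from the message with wrapped lines re-joined.

```python
import re

# Memcheck records quoted from the message above (wrapped lines re-joined).
LOG = """\
==24305== Invalid read of size 4
==24305== at 0x4E3A680: idna_to_ascii_4z (idna.c:529)
==24305== by 0x401B51: main (idn.c:374)
==24305== Address 0x5412c6c is 12 bytes inside a block of size 15 alloc'd
==24305== at 0x4C28C20: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24305== by 0x4E3A7D3: idna_to_ascii_4z (idna.c:543)
==24305== by 0x401B51: main (idn.c:374)
==24305==
==24305== Invalid read of size 4
==24305== at 0x4E3A695: idna_to_ascii_4z (idna.c:529)
==24305== by 0x401B51: main (idn.c:374)
==24305== Address 0x5413028 is 24 bytes inside a block of size 25 alloc'd
==24305== at 0x4C2AF2E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24305== by 0x4E3A6FA: idna_to_ascii_4z (idna.c:530)
==24305== by 0x401B51: main (idn.c:374)
"""

ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"Address 0x[0-9a-fA-F]+ is (\d+) bytes inside a block of size (\d+)")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)")

def parse_memcheck(log):
    """Return one dict per 'Invalid read/write' record in a Memcheck log."""
    records, cur = [], None
    for raw in log.splitlines():
        line = re.sub(r"^==\d+==\s*", "", raw)  # drop the ==PID== prefix
        if m := ACCESS.match(line):
            cur = {"kind": m[1], "size": int(m[2]), "frames": []}
            records.append(cur)
        elif cur is None:
            continue  # text before the first record
        elif m := BLOCK.match(line):
            cur["offset"], cur["block"] = int(m[1]), int(m[2])
            # Bytes of the access that lie beyond the end of the heap block.
            cur["past_end"] = max(0, cur["offset"] + cur["size"] - cur["block"])
            cur["alloc_at"] = len(cur["frames"])  # index of the allocator frame
        elif m := FRAME.match(line):
            cur["frames"].append((m[1], m[2]))  # (function, source location)
    return records

if __name__ == "__main__":
    for r in parse_memcheck(LOG):
        fn, loc = r["frames"][0]
        print(f'{r["kind"]} of {r["size"]} in {fn} ({loc}): {r["past_end"]} byte(s) past a '
              f'{r["block"]}-byte block from {r["frames"][r["alloc_at"]][0]}')
```

On the quoted log, both reads start inside the block and end 1 and 3 bytes past blocks of 15 and 25 bytes respectively.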