bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability
From: Eli Zaretskii
Subject: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability
Date: Sat, 26 Nov 2022 12:14:56 +0200

> From: Stefan Kangas <stefankangas@gmail.com>
> Date: Sat, 26 Nov 2022 01:47:25 -0800
> Cc: Eli Zaretskii <eliz@gnu.org>, 59544@debbugs.gnu.org
>
> lux <lx@shellcodes.org> writes:
>
> > On 2022/11/26 08:43, Stefan Kangas wrote:
> >
> > Other than that, LGTM.
> >
> >> + char *buf = xmalloc (buf_len);
> >
> > The buf variable is not released after use, I added free (buf)
>
> Thanks. I think we should aim to push this security fix ASAP.
>
> Eli, any additional comments on the patch?

Please don't push, the patch was posted just a few hours ago. I have a lot
to do on my hands, and will get to reviewing this in due time. We've lived
with this "security issue" for decades, so I see nothing here that justifies
"ASAP".

I find the tendency to rush with installing changes bad for the quality of
our code. I always wait at least for a week before installing myself, and
suggest that you do the same. Doing so lets others chime in and provide
valuable input and comments.

Thanks in advance.