bug-gnu-emacs

bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability


From: Eli Zaretskii
Subject: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability
Date: Sat, 26 Nov 2022 12:14:56 +0200

> From: Stefan Kangas <stefankangas@gmail.com>
> Date: Sat, 26 Nov 2022 01:47:25 -0800
> Cc: Eli Zaretskii <eliz@gnu.org>, 59544@debbugs.gnu.org
> 
> lux <lx@shellcodes.org> writes:
> 
> > On 2022/11/26 08:43, Stefan Kangas wrote:
> >
> >  Other than that, LGTM.
> >
> >> +          char *buf = xmalloc (buf_len);
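
Review bot: the buffer allocated by `xmalloc (buf_len)` on this line has no release visible in the quoted context, so every path that leaves the enclosing block after the allocation needs a matching `free (buf)`. The quoted line also does not show how `buf_len` is computed, so check that it leaves room for the terminating NUL of whatever is written into `buf`.
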
> >
> > The buf variable is not released after use, I added free (buf)
> 
> Thanks.  I think we should aim to push this security fix ASAP.
> 
> Eli, any additional comments on the patch?

Please don't push, the patch was posted just a few hours ago.  I have a lot
to do on my hands, and will get to reviewing this in due time.  We've lived
with this "security issue" for decades, so I see nothing here that justifies
"ASAP".

I find the tendency to rush with installing changes bad for the quality of
our code.  I always wait at least for a week before installing myself, and
suggest that you do the same.  Doing so lets others chime in and provide
valuable input and comments.

Thanks in advance.




