Bug 101212

Summary: p11-kit-server – use-after-free
Product: p11-glue Reporter: Mantas Mikulėnas <grawity>
Component: p11-kitAssignee: Daiki Ueno <ueno>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:

Description Mantas Mikulėnas 2017-05-27 17:06:06 UTC 
In p11-kit 0.23.6 (Linux), calling `p11-kit server …` will bind the socket on a garbage path. This seems to be caused by a stray free(socket_name) immediately after giving it to socket_new().
Comment 1 Daiki Ueno 2017-05-29 11:34:37 UTC 
Oops, that's embarrassing.  Thank you for spotting it.
I have pushed a fix for this:
https://github.com/p11-glue/p11-kit/pull/78

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.