Bug 101212 - p11-kit-server – use-after-free
Summary: p11-kit-server – use-after-free
Status: RESOLVED FIXED
Alias: None
Product: p11-glue
Classification: Unclassified
Component: p11-kit (show other bugs)
Version: unspecified
Hardware: Other Linux (All)
: medium normal
Assignee: Daiki Ueno
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-27 17:06 UTC by Mantas Mikulėnas
Modified: 2017-05-29 11:34 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Attachments

Description Mantas Mikulėnas 2017-05-27 17:06:06 UTC
In p11-kit 0.23.6 (Linux), calling `p11-kit server …` will bind the socket on a garbage path. This seems to be caused by a stray free(socket_name) immediately after giving it to socket_new().
Comment 1 Daiki Ueno 2017-05-29 11:34:37 UTC
Oops, that's embarrassing.  Thank you for spotting it.
I have pushed a fix for this:
https://github.com/p11-glue/p11-kit/pull/78


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.