tag 681888 - patch
thanks

On Fri, Sep 21, 2012 at 06:27:38PM +0200, Arne Wichmann wrote:
> tag 681888 + patch
> thanks
>
> There is a fix for CVE-2012-3406 in
> https://bugzilla.redhat.com/attachment.cgi?id=594722
>

As already explained earlier before this bug was cloned, I don't think we
should use this patch:

| I'll add the patches for CVE-2012-3404 and CVE-2012-3405 as they come
| from upstream and look correct. For CVE-2012-3406 RedHat, as usual,
| hasn't submitted the patch upstream and thus it hasn't been reviewed. I
| have looked at it quickly and I have to say I don't really like it.
| Replacing a call to alloca() by a call to malloc() without checking the
| return value is only a small improvement when the attacker can control
| the allocation size. Also it means the attacker can DoS the system or
| crash the program. To finish malloc() + memmove() + free() is not the
| best way to reallocate big chunks of memory when realloc() exists.
|
| I am therefore not planning to apply this patch in the current state,
| and thus I am cloning this bug to keep this CVE entry separated from the
| others.

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurel...@aurel32.net                 http://www.aurel32.net
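The two buffer-growing patterns the reply contrasts, as an added C example that is neither glibc code nor the Red Hat patch; grow_unchecked, grow_checked, demo and the GROW_MAX_BYTES cap are assumed names and a hypothetical size policy:

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not glibc code or the Red Hat patch: two ways to grow
 * a heap buffer to new_len bytes when new_len may be attacker-chosen. */

/* Pattern the review rejects: alloca() replaced by malloc() whose result
 * is never checked, so a too-large new_len becomes a NULL write (crash,
 * i.e. attacker-triggered DoS). Kept only to show the defect. */
char *grow_unchecked(char *buf, size_t old_len, size_t new_len)
{
    char *nbuf = malloc(new_len);        /* result never checked */
    memmove(nbuf, buf, old_len);         /* NULL dereference on failure */
    free(buf);
    return nbuf;
}

/* Shape the review asks for: realloc() instead of malloc()+memmove()+
 * free(), return value checked, and a bound on the size. On failure the
 * caller's old buffer is untouched and still owned by the caller. */
#define GROW_MAX_BYTES ((size_t)64 * 1024 * 1024) /* hypothetical cap */

char *grow_checked(char *buf, size_t new_len)
{
    if (new_len == 0 || new_len > GROW_MAX_BYTES) {
        errno = ERANGE;                  /* refuse; buf stays valid */
        return NULL;
    }
    return realloc(buf, new_len);        /* NULL + ENOMEM on failure, buf kept */
}

/* Driver: grow a 4-byte string to 16 bytes, then request an absurd size
 * and confirm the existing data survives the refused request. */
int demo(void)
{
    char *b = malloc(4);
    if (b == NULL) return 0;
    memcpy(b, "abc", 4);
    char *g = grow_checked(b, 16);
    if (g == NULL) { free(b); return 0; }
    int ok = strcmp(g, "abc") == 0 && grow_checked(g, SIZE_MAX) == NULL
             && errno == ERANGE && strcmp(g, "abc") == 0;
    free(g);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```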