1. 30 Apr, 2022 5 commits
  2. 10 Apr, 2020 1 commit
  3. 14 Jul, 2019 1 commit
  4. 11 Apr, 2019 1 commit
  5. 10 Apr, 2019 2 commits
  6. 24 Mar, 2019 4 commits
  7. 10 Mar, 2019 1 commit
  8. 03 Mar, 2019 1 commit
  9. 08 Dec, 2018 1 commit
  10. 19 Nov, 2018 1 commit
  11. 10 Nov, 2018 1 commit
  12. 14 Sep, 2017 2 commits
  13. 07 Sep, 2017 8 commits
  14. 24 Apr, 2017 1 commit
  15. 26 Jan, 2017 3 commits
  16. 09 Dec, 2016 1 commit
    • Tobias Stoeckmann's avatar
      Fix use after free on subsequent calls · ac4bb20e
      Tobias Stoeckmann authored and Matthieu Herrb's avatar Matthieu Herrb committed
      
      
      The function IceAuthFileName is vulnerable to a use after free. The
      flaw can be triggered by calling the function three times:
      
      - First call succeeds and stores the path in buf, a dynamically
        allocated buffer with size bsize.
      - Second call fails due to out of memory. It frees buf, but keeps
        the old size in bsize.
      - Third call only checks if bsize is large enough. Then it uses
        buf without allocating it again -- the use after free happens.
      
      In order to exploit this, an attacker must change environment variables
      between each call, namely ICEAUTHORITY or HOME. It also takes subsequent
      calls. Due to these limitations, I don't consider this to be of high
      priority.
      Reviewed-by: Matthieu Herrb's avatarMatthieu Herrb <matthieu@herrb.eu>
      ac4bb20e
  17. 19 Jul, 2015 1 commit
  18. 10 Apr, 2015 1 commit
  19. 15 Sep, 2014 1 commit
  20. 07 Jun, 2014 1 commit
  21. 24 Dec, 2013 2 commits