1. 14 Jul, 2019 1 commit
  2. 11 Apr, 2019 1 commit
  3. 10 Apr, 2019 2 commits
  4. 24 Mar, 2019 4 commits
  5. 10 Mar, 2019 1 commit
  6. 03 Mar, 2019 1 commit
  7. 08 Dec, 2018 1 commit
  8. 19 Nov, 2018 1 commit
  9. 10 Nov, 2018 1 commit
  10. 14 Sep, 2017 2 commits
  11. 07 Sep, 2017 8 commits
  12. 24 Apr, 2017 1 commit
  13. 26 Jan, 2017 3 commits
  14. 09 Dec, 2016 1 commit
    • Fix use after free on subsequent calls · ac4bb20e
      Tobias Stoeckmann authored
      The function IceAuthFileName is vulnerable to a use after free. The
      flaw can be triggered by calling the function three times:
      
      - First call succeeds and stores the path in buf, a dynamically
        allocated buffer with size bsize.
      - Second call fails due to out of memory. It frees buf, but keeps
        the old size in bsize.
      - Third call only checks if bsize is large enough. Then it uses
        buf without allocating it again -- the use after free happens.
      
      In order to exploit this, an attacker must change environment variables
      between each call, namely ICEAUTHORITY or HOME. It also takes subsequent
      calls. Due to these limitations, I don't consider this to be of high
      priority.
      Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
  15. 19 Jul, 2015 1 commit
  16. 10 Apr, 2015 1 commit
  17. 15 Sep, 2014 1 commit
  18. 07 Jun, 2014 1 commit
  19. 24 Dec, 2013 2 commits
  20. 12 Sep, 2013 1 commit
  21. 09 Aug, 2013 5 commits