From: Thomas Klausner <tk%giga.or.at@localhost>
To: Hanno Böck <hanno%hboeck.de@localhost>
Subject: Re: [patch] fix use after free in ziptool / cat
Date: Tue, 18 Oct 2016 13:32:35 +0200

On Tue, Oct 18, 2016 at 01:22:43PM +0200, Hanno Böck wrote:
> Attached is a malformed zip file that will expose a use after free bug
> in ziptool's cat functionality. Test with "ziptool [file] cat 0" (you
> may need to use a memory safety tool like address sanitizer to see this
> bug).
> 
> The problem is that zip_fclose is called on the file handler zf and then
> zip_file_strerror is called on zf after that. Switching the zip_fclose
> and the error message command should fix that, see attached patch.
> 
> This bug was found with the tool american fuzzy lop. Please note that
> it only affects the command line tool ziptool, not the libzip library
> itself.

Thank you, committed and pushed!

Let me know if you find any more problems.
 Thomas
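
The ordering problem described in the report, as an added illustration (not ziptool's or libzip's code): the zip_*_mock functions below are a small stand-in that mimics the relevant API shape (zip_fclose frees the handle, zip_file_strerror reads from it), and cat_fixed shows the corrected order in which the error text is fetched before the handle is closed.

```c
/* Added example, not from ziptool or libzip. The zip_*_mock functions are a
 * constructed stand-in for the libzip calls named in the report. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char err[64]; } zip_file_t;

/* Stand-in: the handle owns its error text; `fail` simulates corrupt data. */
static zip_file_t *zip_fopen_index_mock(int fail) {
    zip_file_t *zf = calloc(1, sizeof *zf);
    if (fail) snprintf(zf->err, sizeof zf->err, "Compressed data invalid");
    return zf;
}
static int zip_fread_mock(zip_file_t *zf, char *buf, size_t n) {
    (void)buf; (void)n;
    return zf->err[0] ? -1 : 0;           /* -1 signals a read error */
}
static const char *zip_file_strerror_mock(zip_file_t *zf) { return zf->err; }
static void zip_fclose_mock(zip_file_t *zf) { free(zf); }  /* frees zf */

/* Pre-patch ordering as the report describes it (sketch, not compiled here):
 *
 *   if (zip_fread(zf, buf, sizeof buf) < 0) {
 *       zip_fclose(zf);                                        // zf freed
 *       fprintf(stderr, "can't read: %s\n", zip_file_strerror(zf)); // UAF
 *   }
 */

/* Post-patch ordering: read the error string while zf is still live,
 * then close. Returns -1 on a read error with the message in `msg`. */
int cat_fixed(int fail, char *msg, size_t msglen) {
    char buf[16];
    zip_file_t *zf = zip_fopen_index_mock(fail);
    if (zip_fread_mock(zf, buf, sizeof buf) < 0) {
        snprintf(msg, msglen, "can't read: %s", zip_file_strerror_mock(zf));
        zip_fclose_mock(zf);              /* close only after last use */
        return -1;
    }
    zip_fclose_mock(zf);
    msg[0] = '\0';
    return 0;
}
```

Building the pre-patch ordering with -fsanitize=address reports a heap-use-after-free at the zip_file_strerror call, which is why the report suggests a memory safety tool to observe the bug.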