[patch] fix use after free in ziptool / cat
Re: [patch] fix use after free in ziptool / cat, Thomas Klausner (2016/10/18 11:32:36)
On Tue, Oct 18, 2016 at 01:22:43PM +0200, Hanno Böck wrote:
> Attached is a malformed zip file that will expose a use after free bug
> in ziptool's cat functionality. Test with "ziptool [file] cat 0" (you
> may need to use a memory safety tool like address sanitizer to see this
> bug).
>
> The problem is that zip_fclose is called on the file handler zf and then
> zip_file_strerror is called on zf after that. Switching the zip_fclose
> and the error message command should fix that, see attached patch.
>
> This bug was found with the tool american fuzzy lop. Please note that
> it only affects the command line tool ziptool, not the libzip library
> itself.

Thank you, committed and pushed! Let me know if you find any more problems.

Thomas