From: Adrian Bunk
Newsgroups: gmane.emacs.bugs
Subject: bug#61819: The CVE-2022-48337 fix seems to introduce a memory leak
Date: Sun, 26 Feb 2023 12:40:45 +0200
To: 61819@debbugs.gnu.org

In the upstream bug for CVE-2022-48337 there was originally[1]

+ free (new_real_name);
+ free (new_tmp_name);

in the fix that later disappeared (by accident?).

This seems to introduce a memory leak, this memory allocated by
escape_shell_arg_string() is now never freed.

cu
Adrian

[1] https://debbugs.gnu.org/cgi/bugreport.cgi?bug=59817#23
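
Review bot: the two quoted lines, free (new_real_name) and free (new_tmp_name), are per the report the only release of the buffers that escape_shell_arg_string() allocates, so a fix that lacks them leaves both allocations unreleased every time this code runs. Restore both calls after the last use of the escaped names, and check that any early exit between the allocation and that point releases them as well.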