* [PATCH] gzerror() after gzclose_r() is a use after free
@ 2020-04-14 17:36 Olivier Taïbi
2020-04-14 20:40 ` David Bremner
2020-04-16 11:11 ` David Bremner
0 siblings, 2 replies; 3+ messages in thread
From: Olivier Taïbi @ 2020-04-14 17:36 UTC (permalink / raw)
To: notmuch
As suggested by David Bremner in
https://notmuchmail.org/pipermail/notmuch/2020/029288.html
here is a separate patch for bug #2: calling gzerror() (indirectly via
gzerror_str()) after gzclose_r is a use after free, according to zlib's manual.
diff --git a/notmuch-restore.c b/notmuch-restore.c
index 9a8b7fb5..e2dc3d45 100644
--- a/notmuch-restore.c
+++ b/notmuch-restore.c
@@ -237,6 +237,7 @@ notmuch_restore_command (notmuch_config_t *config, int argc, char *argv[])
int opt_index;
int include = 0;
int input_format = DUMP_FORMAT_AUTO;
+ int errnum;
if (notmuch_database_open (notmuch_config_get_database_path (config),
NOTMUCH_DATABASE_MODE_READ_WRITE, ¬much))
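Review bot: `int errnum;` is added to the function-wide declarations, but it is only assigned and read inside the `if (input)` block of the second hunk. Declaring it there as `int errnum = gzclose_r (input);` would keep the scope tight and leave no uninitialized variable visible to the rest of notmuch_restore_command. If the top-of-function placement is kept to match the neighbouring declarations, that is fine, but it is worth a deliberate choice.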
@@ -448,10 +449,13 @@ notmuch_restore_command (notmuch_config_t *config, int argc, char *argv[])
if (notmuch)
notmuch_database_destroy (notmuch);
- if (input && gzclose_r (input)) {
- fprintf (stderr, "Error closing %s: %s\n",
- name_for_error, gzerror_str (input));
- ret = EXIT_FAILURE;
+ if (input) {
+ errnum = gzclose_r (input);
+ if (errnum) {
+ fprintf (stderr, "Error closing %s: %d\n",
+ name_for_error, errnum);
+ ret = EXIT_FAILURE;
+ }
}
return ret ? EXIT_FAILURE : EXIT_SUCCESS;
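Review bot: the new fprintf reports the gzclose_r() return value with `%d`, so the user now gets a bare zlib code where the old message carried text from gzerror_str(). The reordering itself is correct, since `input` is no longer touched once it has been closed. Consider turning errnum into a readable string without going back to the handle (for example strerror (errno) when the code is Z_ERRNO), and mention the changed message format in the commit message so anyone matching on the old text is warned.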
* Re: [PATCH] gzerror() after gzclose_r() is a use after free
From: David Bremner @ 2020-04-14 20:40 UTC (permalink / raw)
To: Olivier Taïbi, notmuch
Olivier Taïbi <oli@olitb.net> writes:
> As suggested by David Bremner in
> https://notmuchmail.org/pipermail/notmuch/2020/029288.html
> here is a separate patch for bug #2: calling gzerror() (indirectly via
> gzerror_str()) after gzclose_r is a use after free, according to zlib's manual.
>
Looks OK. The commit message could be trimmed, but I can live with the
current version.
d
* Re: [PATCH] gzerror() after gzclose_r() is a use after free
From: David Bremner @ 2020-04-16 11:11 UTC (permalink / raw)
To: Olivier Taïbi, notmuch
Olivier Taïbi <oli@olitb.net> writes:
> As suggested by David Bremner in
> https://notmuchmail.org/pipermail/notmuch/2020/029288.html
> here is a separate patch for bug #2: calling gzerror() (indirectly via
> gzerror_str()) after gzclose_r is a use after free, according to zlib's manual.
pushed, with revised commit message
d