On 2/11/07, Ken Brush <kbrush@xxxxxxxxx> wrote:
> On 2/11/07, Kees Cook wrote:
> > On Sat, Feb 10, 2007 at 10:32:24PM -0800, Ken Brush wrote:
> > > Ok, I've attached a patch that fixes this bug.
> >
> > I've adjusted this to check for the NULL deref just before the header data free call:
>
> I like how you did it better. Here's the 2nd revision of my patch with your change.
>
> -Ken
After giving this some thought last night, I realized that it's probably better if we don't create a structure full of possible holes (we trust h.sid a little too much at this point). So here's a potentially better fix. It renders my previous patches unnecessary, since we never hit a ctx->hdr that is uninitialized. You can back out the previously committed cvs change if you want.

-Ken
Attachment: patch-1.5.13.kb.imap_segfault_on_corruption.3