[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#19563: <DKIM> bug#19563: CVE number and trivial NSC follow-up patch
|
From: |
Jim Meyering |
|
Subject: |
bug#19563: <DKIM> bug#19563: CVE number and trivial NSC follow-up patch |
|
Date: |
Mon, 9 Feb 2015 08:40:13 -0800 |
On Mon, Feb 9, 2015 at 2:08 AM, Santiago Ruano Rincón
<address@hidden> wrote:
> El 01/02/15 a las 08:39, Jim Meyering escribió:
>> I obtained a CVE number for this flaw and added a reference to it in NEWS.
>> Also fixed a now-unnecessary "goto" in related code.
>
> Hi,
>
> I'm running kwset-abuse test, but I don't get any difference with or
> without the fix for this CVE (in kwset.c). Do you think there is an
> issue with the test? Maybe something related to my platform?
>
> Cheers,
>
> Santiago
>
> PS. kwset-abuse.log attached
Thanks for checking. I've just confirmed that backing out that fix and
running kwset-abuse does trigger a segfault on a rawhide x86-64
system, but not on a debian unstable (also x86-64) system. The
trouble is that the test case is sensitive to the implementation
details of the allocator and system details like page size. The test
case was designed to trigger the segfault, given a particular
observed behavior. If you can tune the test to trigger a failure
on your system, I'd be happy to accept a patch that adds
another case for that.