Ticket #4620 (closed defect: fixed)

Opened 8 days ago

Last modified 5 days ago

[PATCH] (config_parser.c) fix use-after-free

Reported by: and Owned by: andrew_b
Priority: major Milestone: 4.8.33
Component: mc-vfs Version: 4.8.32
Keywords: Cc:
Blocked By: Blocking: #4621
Branch state: merged Votes for changeset: committed-master

Description

Fix Use-after-free in sftpfs_fill_connection_data_from_config()

and enable libssh2 "Hostname %h" support for real.

Found by Clang-19 Static Analyzer

Attachments

mc-4620-config_parser_c-fix-use-after-free.patch (1.4 KB) - added by and 8 days ago.

Change History

Changed 8 days ago by and

comment:1 Changed 7 days ago by zaytsev

  • Milestone changed from Future Releases to 4.8.33

comment:2 Changed 5 days ago by andrew_b

  • Owner set to andrew_b
  • Status changed from new to accepted
  • Version changed from master to 4.8.32
  • Branch state changed from no branch to on review

Branch: 4620_use_after_free
Initial changeset:677cd6026999a5ce2dd66f4e76f5ab8506c269e3

A simpler patch is applied: get rid of string duplication.

comment:3 Changed 5 days ago by andrew_b

  • Blocking 4621 added

(In #4621) Fixed in 4620_use_after_free branch.

comment:4 Changed 5 days ago by zaytsev

  • Votes for changeset set to яфнеыум
  • Branch state changed from on review to approved

comment:5 Changed 5 days ago by zaytsev

  • Votes for changeset changed from яфнеыум to zaytsev

comment:6 Changed 5 days ago by andrew_b

  • Status changed from accepted to testing
  • Votes for changeset changed from zaytsev to committed-master
  • Resolution set to fixed
  • Branch state changed from approved to merged

Merged to master: [c4af7f061108a49a6e9530e847d68f5bc857403b].

git log --oneline 0df9c46cd..c4af7f061

comment:7 Changed 5 days ago by andrew_b

  • Status changed from testing to closed

comment:8 Changed 5 days ago by andrew_b

  • Component changed from mc-core to mc-vfs
Note: See TracTickets for help on using tickets.