[milters] Archive


Article: 697
From: Jan Holmberg
Date: 2005-08-16 04:21:34 -0400
Subject: Memory Error in spf.c libsnert-1.50


Hi all,

Found a memory bug in spf.c, in function spfCheck(spfContext *ctx,
const char *domain).
Double release when jumping via goto error5, just before Dnsget calls.
Move all VectorDestroy(entries); before Dnsget calls.

Check log:
==6383== Invalid read of size 4
==6383==    at 0x8055053: VectorRemoveAll (Vector.c:182)
==6383==    by 0x8055081: VectorDestroy (Vector.c:191)
==6383==    by 0x805496F: spfCheck (spf.c:607)
==6383==    by 0x805477B: spfCheck (spf.c:536)
==6383==  Address 0xB531120C is 116 bytes inside a block of size 124 free'd
==6383==    at 0xB7ED2F0B: free (vg_replace_malloc.c:186)
==6383==    by 0x80550A0: VectorDestroy (Vector.c:193)
==6383==    by 0x80542DB: spfCheck (spf.c:413)
==6383==    by 0x805477B: spfCheck (spf.c:536)
==6383==
==6383== Thread 7:
==6383== Invalid read of size 4
==6383==    at 0x8054F92: VectorRemoveSome (Vector.c:159)
==6383==    by 0x805505F: VectorRemoveAll (Vector.c:182)
==6383==    by 0x8055081: VectorDestroy (Vector.c:191)
==6383==    by 0x805496F: spfCheck (spf.c:607)
==6383==  Address 0xB531120C is 116 bytes inside a block of size 124 free'd
==6383==    at 0xB7ED2F0B: free (vg_replace_malloc.c:186)
==6383==    by 0x80550A0: VectorDestroy (Vector.c:193)
==6383==    by 0x80542DB: spfCheck (spf.c:413)
==6383==    by 0x805477B: spfCheck (spf.c:536)
==6383==
==6383== Thread 7:
==6383== Invalid read of size 4
==6383==    at 0x805500D: VectorRemoveSome (Vector.c:173)
==6383==    by 0x805505F: VectorRemoveAll (Vector.c:182)
==6383==    by 0x8055081: VectorDestroy (Vector.c:191)
==6383==    by 0x805496F: spfCheck (spf.c:607)
==6383==  Address 0xB531120C is 116 bytes inside a block of size 124 free'd
==6383==    at 0xB7ED2F0B: free (vg_replace_malloc.c:186)
==6383==    by 0x80550A0: VectorDestroy (Vector.c:193)
==6383==    by 0x80542DB: spfCheck (spf.c:413)
==6383==    by 0x805477B: spfCheck (spf.c:536)

//Jan
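
The pattern visible in the Valgrind trace above (a vector released once early, then released again from a shared cleanup label), modelled as an added example that is not from the original post or from libsnert. Vec, vec_create, vec_destroy, lookup and check are constructed names, and a single static slot stands in for the heap so that the second release is counted rather than executed.

```c
#include <stddef.h>

/* Constructed stand-in for a vector type: one static slot instead of the
 * heap, so a second release is counted instead of corrupting memory. */
typedef struct { int in_use; } Vec;
static Vec slot;
static int double_releases = 0;

static Vec *vec_create(void) { slot.in_use = 1; return &slot; }

/* NULL is a no-op, as with free(), so a cleanup label can always call it. */
static void vec_destroy(Vec *v) {
    if (v == NULL) return;
    if (!v->in_use) { double_releases++; return; } /* would be a double free */
    v->in_use = 0;
}

/* Hypothetical fallible call that follows the early release. */
static int lookup(int fail) { return fail ? -1 : 0; }

/* clear_ptr = 0: the early release leaves a stale pointer for the label.
 * clear_ptr = 1: the pointer is set to NULL once ownership has ended. */
int check(int fail_lookup, int clear_ptr) {
    int rc = -1;
    Vec *entries = vec_create();

    /* ... entries consumed here ... */
    vec_destroy(entries);           /* early release before the lookup */
    if (clear_ptr) entries = NULL;

    if (lookup(fail_lookup) != 0) goto error;
    rc = 0;
    entries = vec_create();         /* assumption: success path refills it */
error:
    vec_destroy(entries);           /* shared cleanup for every exit */
    return rc;
}

/* Runs one call of check() and reports how many second releases it made. */
int count_double_releases(int fail_lookup, int clear_ptr) {
    double_releases = 0;
    (void) check(fail_lookup, clear_ptr);
    return double_releases;
}
```

Only the failing lookup with the stale pointer reaches the cleanup label holding an already released vector; clearing the pointer at the point of release makes the shared cleanup safe on every path.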


