On Thu, Jun 11, 2020 at 03:15:55PM +0200, Romero Pérez, Abel wrote:
> I've got a: man(13835) in free(): bogus pointer (double free?) 0x22c43c2813b
>
> To check please, add the following function to .kshrc and run . ./.kshrc:
>
>
> function man {
> set -A array "$@"
> tag=${array[$#-1]}
> PAGER="" MANPAGER="" /usr/bin/man -T html -c pfctl $@ > /tmp/man.html |
> lynx /tmp/man.html#$tag
> #PAGER="" MANPAGER="" /usr/bin/man -T html -c $@ | lynx -stdin
> }
>
> Then launch on prompt: man id
>
>
> The result if exploited is on screenshot, but on console as follows:
>
> foo$ man id
> Abort trap
> foo$
>
This already trips the bug;
man -T html -c pfctl id
No need for a custom man function. No clue yet why.
-Otto
