Hi Romain, [Adding Moritz to CC]
On Fri, Nov 23, 2018 at 12:33:26PM +0100, Romain Francoise wrote: > Hi Salvatore, > > On Thu, Nov 22, 2018 at 9:53 PM Salvatore Bonaccorso <car...@debian.org> > wrote: > > The "attack" scenario described as follows, that an attacker can cause > > a denial of service (tmux crash) by "by arranging for a malloc > > failure" triggering the issue in format_cb_pane_tabs in format.c > > > > Does this helps? > > Not really, because the proposed fix just calls fatal() on allocation > failure so tmux will crash anyway. Someone must have thought that the > failure was exploitable in some way, and it's not clear to me which. > > Thanks anyway! Oh well I see, yes then it was not very helpful from my side. Sorry. Yes you are right. I understand now and as well your concerns on my report. Given upstream did adress it as such, could you contact upstream to see what's their take on this? Regards, Salvatore