Re: [CVE-2017-11109] Reduced samples and patch

2017-07-11 Fir de Conversatie Bram Moolenaar
Christian Brabandt wrote: > On So, 09 Jul 2017, Bram Moolenaar wrote: > > > > > James McCoy wrote: > > > > > A few issues were reported on RedHat's bug tracker[0] which have been > > > assigned CVE-2017-11109. I took an initial look at them and reduced the > > > fuzzer-created scripts so

Re: [CVE-2017-11109] Reduced samples and patch

2017-07-11 Fir de Conversatie Bram Moolenaar
Dominique wrote: > Bram Moolenaar wrote: > > > James McCoy wrote: > > > >> A few issues were reported on RedHat's bug tracker[0] which have been > >> assigned CVE-2017-11109. I took an initial look at them and reduced the > >> fuzzer-created scripts so they're clearer

Re: [CVE-2017-11109] Reduced samples and patch

2017-07-10 Fir de Conversatie Christian Brabandt
On So, 09 Jul 2017, Christian Brabandt wrote: > > Oh and POC3 creates this backtrace: > #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 > #1 0x7426a3fa in __GI_abort () at abort.c:89 > #2 0x742a6bd0 in __libc_message (do_abort=do_abort@entry=2, >

Re: [CVE-2017-11109] Reduced samples and patch

2017-07-09 Fir de Conversatie Christian Brabandt
Oh and POC3 creates this backtrace: #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x7426a3fa in __GI_abort () at abort.c:89 #2 0x742a6bd0 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7439bdd0 "*** Error in `%s': %s: 0x%s

Re: [CVE-2017-11109] Reduced samples and patch

2017-07-09 Fir de Conversatie Christian Brabandt
On So, 09 Jul 2017, Bram Moolenaar wrote: > > James McCoy wrote: > > > A few issues were reported on RedHat's bug tracker[0] which have been > > assigned CVE-2017-11109. I took an initial look at them and reduced the > > fuzzer-created scripts so they're clearer (especially for POC2). > > >

Re: [CVE-2017-11109] Reduced samples and patch

2017-07-09 Fir de Conversatie Dominique Pellé
Bram Moolenaar wrote: > James McCoy wrote: > >> A few issues were reported on RedHat's bug tracker[0] which have been >> assigned CVE-2017-11109. I took an initial look at them and reduced the >> fuzzer-created scripts so they're clearer (especially for POC2). >> >> [0]:

Re: [CVE-2017-11109] Reduced samples and patch

2017-07-09 Fir de Conversatie Bram Moolenaar
James McCoy wrote: > A few issues were reported on RedHat's bug tracker[0] which have been > assigned CVE-2017-11109. I took an initial look at them and reduced the > fuzzer-created scripts so they're clearer (especially for POC2). > > [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1468492 >

Re: [CVE-2017-11109] Reduced samples and patch

2017-07-09 Fir de Conversatie Bram Moolenaar
James McCoy wrote: > A few issues were reported on RedHat's bug tracker[0] which have been > assigned CVE-2017-11109. I took an initial look at them and reduced the > fuzzer-created scripts so they're clearer (especially for POC2). > > [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1468492 >

[CVE-2017-11109] Reduced samples and patch

2017-07-08 Fir de Conversatie James McCoy
Hi Bram, A few issues were reported on RedHat's bug tracker[0] which have been assigned CVE-2017-11109. I took an initial look at them and reduced the fuzzer-created scripts so they're clearer (especially for POC2). [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1468492 I've also attached a