Hey Vlad,
Thanks for taking time to look at this!

The xmlRealloc calls in xinclude.c seem to exhibit the same problem,
have you considered fixing them?

Not in this late build for a few reasons:
- less change/less risk for this last build
- in the latest libxml2 source they have not been changed
- and without a known problem or vulnerability with that code I can't
  justify changing it.

If this were an earlier build I'd have more options.

The same ./xmlreader.c xmlTextReaderEntPush. Especially since its
return value is not checked.

Same as above.

The only xmlRealloc in ./nanohttp.c looks suspicious too.
Then I stopped looking for more. But it was just a quick grep across the
sources. Is there some pattern which places are dangerous and which are
not?

While the code you reference in all of the above looks suspicious to me
also, about all I can say is that in this last build we have to weigh the
risks of fixing something against the benefit we get from the fix. The
benefit to fixing code that has not been proven to have a problem (i.e.
test case, exploit, vulnerability, bugs reported against it, etc.)
doesn't outweigh the risk to changing it and possibly breaking something
this late in the process.

Thanks,
Kevin.