[Users] [Bug 3610] New: Heap use after free in privacy_mimeinfo_check_signature()
noreply at thewildbeast.co.uk
Thu Feb 4 21:44:00 CET 2016
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3610
Bug ID: 3610
Summary: Heap use after free in privacy_mimeinfo_check_signature()
Classification: Unclassified
Product: Claws Mail
Version: other
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P3
Component: Other
Assignee: users at lists.claws-mail.org
Reporter: hanno at hboeck.de
Created attachment 1628 --> http://www.thewildbeast.co.uk/claws-mail/bugzilla/attachment.cgi?id=1628&action=edit
asan error / stack trace for use after free in privacy_mimeinfo_check_signature
I discovered a use after free error with address sanitizer. It seems similar to
bug #3598.
A reliable way to reproduce it:
* Have the pgp plugins enabled.
* Open a pgp-signed mail in one folder.
* Go to another folder, don't open a mail.
* Press "c" (which is "check signature", but should do nothing as no mail is
open).
If claws-mail was compiled with address sanitizer enabled it will terminate and
show a use after free error. I have attached the asan log.
I think there is a problem with the variable mimeinfo that is similar to the
problem with msginfo in bug #3598.
Right before the uaf I see there is this code:
    cm_return_val_if_fail(mimeinfo != NULL, -1);
That is, the code assumes that if mimeinfo is not null, it contains valid data.
For this to be true, at every place it gets freed it would have to be set to
zero, which is not happening.
--
You are receiving this mail because:
You are the assignee for the bug.
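
The pattern the report describes, as an added example that is not Claws Mail code and not part of the original message: a NULL guard accepts a pointer whose object was already released, while clearing the pointer at the point of release makes the same guard reject it. The `Viewer` and `MimeInfo` layouts, the return codes and all function names are hypothetical, and a one-slot pool stands in for the heap so the stale state can be inspected safely.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the structures named in the report. */
typedef struct { int live; int sig_status; } MimeInfo;
typedef struct { MimeInfo *mimeinfo; } Viewer;
enum { CHECK_REJECTED = -1, CHECK_STALE = -2 };

/* One-slot pool instead of malloc/free: freed state stays inspectable. */
static MimeInfo slot;

static MimeInfo *mimeinfo_new(int sig_status) {
    slot = (MimeInfo){ .live = 1, .sig_status = sig_status };
    return &slot;
}

static void mimeinfo_free(MimeInfo *m) {
    memset(m, 0xAA, sizeof *m);   /* poison, as a debug allocator would */
    m->live = 0;
}

/* Pattern from the report: object released, owner's pointer left set. */
void viewer_close_unsafe(Viewer *v) { mimeinfo_free(v->mimeinfo); }
/* Hardened: release and clear the owning pointer in one step. */
void viewer_close_safe(Viewer *v) {
    if (v->mimeinfo != NULL) {
        mimeinfo_free(v->mimeinfo);
        v->mimeinfo = NULL;
    }
}

/* Same shape as the quoted guard: only a NULL pointer is rejected. */
int check_signature(const Viewer *v) {
    if (v->mimeinfo == NULL) return CHECK_REJECTED;
    if (!v->mimeinfo->live) return CHECK_STALE;  /* real code: use after free */
    return v->mimeinfo->sig_status;
}

/* Open a signed mail, leave the folder, then trigger the check. */
int run_scenario(int use_safe_close) {
    Viewer v = { mimeinfo_new(1) };
    if (use_safe_close) viewer_close_safe(&v); else viewer_close_unsafe(&v);
    return check_signature(&v);
}

int main(void) {
    printf("unsafe: %d, safe: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```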