Ignore null deferred postings

All-null transactions (i.e. a transaction where all postings have a null amount) are discarded during parsing and the `xact` object is free'd. But if the transaction contains a deferred posting this results in a use-after-free vulnerability because a reference to the deferred posting is stored in the account object which is later read when deferred postings are applied after parsing is finished. Ignore null deferred postings to prevent this – they should not have any effect any way. Thanks to Cory Duplantis for reporting this issue and providing an initial analysis. Ref TALOS-2017-0304, CVE-2017-2808 Fixes #1723
author: Michael Budde <mbudde@gmail.com> 2019-01-22 19:22:03 +0100
committer: Michael Budde <mbudde@gmail.com> 2019-01-23 08:59:31 +0100
commit: f3bad93db256db07b6cb831d4d24f47543f57e4a (patch)
tree: 7c00b7c3e9d8cfa5b5ea6d6460f4e3079d9e2482 /test
parent: 53f4035a2f4a6f33b447ce3658c4dc062058c422 (diff)
download: fork-ledger-f3bad93db256db07b6cb831d4d24f47543f57e4a.tar.gz
fork-ledger-f3bad93db256db07b6cb831d4d24f47543f57e4a.tar.bz2
fork-ledger-f3bad93db256db07b6cb831d4d24f47543f57e4a.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/test/regress/1723.test b/test/regress/1723.test
new file mode 100644
index 00000000..62a50386
--- /dev/null
+++ b/test/regress/1723.test
@@ -0,0 +1,5 @@
+2017/3/17 deferred posting
+    <deferred posting>
+
+test reg
+end test
author	Michael Budde <mbudde@gmail.com>	2019-01-22 19:22:03 +0100
committer	Michael Budde <mbudde@gmail.com>	2019-01-23 08:59:31 +0100
commit	f3bad93db256db07b6cb831d4d24f47543f57e4a (patch)
tree	7c00b7c3e9d8cfa5b5ea6d6460f4e3079d9e2482 /test
parent	53f4035a2f4a6f33b447ce3658c4dc062058c422 (diff)
download	fork-ledger-f3bad93db256db07b6cb831d4d24f47543f57e4a.tar.gz fork-ledger-f3bad93db256db07b6cb831d4d24f47543f57e4a.tar.bz2 fork-ledger-f3bad93db256db07b6cb831d4d24f47543f57e4a.zip