From f3bad93db256db07b6cb831d4d24f47543f57e4a Mon Sep 17 00:00:00 2001 From: Michael Budde Date: Tue, 22 Jan 2019 19:22:03 +0100 Subject: Ignore null deferred postings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All-null transactions (i.e. a transaction where all postings have a null amount) are discarded during parsing and the `xact` object is free'd. But if the transaction contains a deferred posting this results in a use-after-free vulnerability because a reference to the deferred posting is stored in the account object which is later read when deferred postings are applied after parsing is finished. Ignore null deferred postings to prevent this – they should not have any effect any way. Thanks to Cory Duplantis for reporting this issue and providing an initial analysis. Ref TALOS-2017-0304, CVE-2017-2808 Fixes #1723 --- test/regress/1723.test | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 test/regress/1723.test (limited to 'test') diff --git a/test/regress/1723.test b/test/regress/1723.test new file mode 100644 index 00000000..62a50386 --- /dev/null +++ b/test/regress/1723.test @@ -0,0 +1,5 @@ +2017/3/17 deferred posting + + +test reg +end test -- cgit v1.2.3