Details

    • Type: Defect
    • Status: Done
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 0.9.10-incubating
    • Component/s: SSH, Telnet
    • Labels:
      None
    • Sprint:
      DEV 2016-01-29

      Description

      Within guac_terminal_typescript_alloc(), in the case that creation of the typescript fails and allocation must be aborted, the file descriptor and memory are released in the wrong order:

      139    /* Attempt to open typescript timing file */
      140    typescript->timing_fd = open(typescript->timing_filename,
      141            O_CREAT | O_EXCL | O_WRONLY,
      142            S_IRUSR | S_IWUSR);
      143    if (typescript->timing_fd == -1) {
      144        free(typescript);
      145        close(typescript->data_fd);
      146        return NULL;
      147    }

      Since typescript has been freed at line 144, the attempt to dereference on line 145 will segfault.
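
One way to structure the error path so that the structure is freed only after its last use, as an added example that is not the Guacamole source: `demo_typescript`, `demo_typescript_alloc()` and `demo_typescript_free()` are hypothetical names, and only the two descriptors and their filenames are modelled.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical stand-in for the typescript structure (two descriptors only). */
typedef struct demo_typescript {
    int data_fd;
    int timing_fd;
    char data_filename[256];
    char timing_filename[264];
} demo_typescript;

/* Creates <path> and <path>.timing. On failure, resources are released in
 * reverse order of acquisition, and the structure itself is freed last. */
demo_typescript* demo_typescript_alloc(const char* path) {
    const int flags = O_CREAT | O_EXCL | O_WRONLY;
    const mode_t mode = S_IRUSR | S_IWUSR;
    demo_typescript* ts = calloc(1, sizeof(*ts));
    if (ts == NULL)
        return NULL;
    snprintf(ts->data_filename, sizeof(ts->data_filename), "%s", path);
    snprintf(ts->timing_filename, sizeof(ts->timing_filename),
            "%s.timing", ts->data_filename);

    ts->data_fd = open(ts->data_filename, flags, mode);
    if (ts->data_fd == -1)
        goto fail_free;
    ts->timing_fd = open(ts->timing_filename, flags, mode);
    if (ts->timing_fd == -1)
        goto fail_close_data;
    return ts;

fail_close_data:
    close(ts->data_fd);  /* ts is still valid: read data_fd before freeing */
fail_free:
    free(ts);            /* last use of ts; nothing dereferences it after this */
    return NULL;
}

/* Normal teardown follows the same rule: close descriptors, then free. */
void demo_typescript_free(demo_typescript* ts) {
    if (ts == NULL)
        return;
    close(ts->timing_fd);
    close(ts->data_fd);
    free(ts);
}
```

Funnelling every failure through labels placed in reverse acquisition order keeps `free()` as the final statement, so a later edit that adds another resource cannot reintroduce a dereference after the free.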

            People

            Assignee:
            mike.jumper Michael Jumper
            Reporter:
            mike.jumper Michael Jumper