Memory leak at liblas::Open(liblas/liblas.hpp:127) in libLAS (CVE-2018-20540)
manisandro opened this issue · comments
Sandro Mani commented
The following was reported in Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1652612
(It got assigned CVE-2018-20540).
Patch:
diff -rupN --no-dereference libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/include/liblas/liblas.hpp libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/include/liblas/liblas.hpp
--- libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/include/liblas/liblas.hpp 2020-04-05 18:40:29.000000000 +0200
+++ libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/include/liblas/liblas.hpp 2020-04-14 20:10:51.287663527 +0200
@@ -137,7 +137,10 @@ inline std::istream* Open(std::string co
{
ifs = new std::ifstream();
ifs->open(filename.c_str(), mode);
- if (ifs->is_open() == false) return NULL;
+ if (ifs->is_open() == false) {
+ delete ifs;
+ return NULL;
+ }
return ifs;
}
catch (...)
Mateusz Łoskot commented
@manisandro Please, submit PR