Christian Jaeger wrote:
> Whether this has security implications or not, I don't know.

It has, literally, been years since I touched the code. As far as I can
tell, an attacker trying to exploit this is running in the same
privilege level as the potential gain from an exploitable buffer overrun
(i.e. - no security implications as there is no privilege escalation).
This is in addition to the fact that off-by-ones on the heap are hard to
exploit. However, with these bugs, it is easier to fix than to explain
why a fix is not necessary.

I'm going to push a fix through, but pending more info from you or
someone else, I will be marking it as neither "security" nor high priority.

Shachar
--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com