There is a clear Use-After-Free vulnerability in `net-msg-buffers.c`. The pointer `C` is freed, but then accessed in the subsequent lines.
Affected code:
```c
memset (C, 0, sizeof (struct msg_buffers_chunk));
free (C);
int si = buffer_size_values - 1;
while (si > 0 && &ChunkHeaders[si-1] != CH) {
  si--;
}
assert (si >= 0);
if (ChunkSave[si] == C) {
  ChunkSave[si] = NULL;
}
free_mp_queue (C->free_block_queue);
C->free_block_queue = NULL;
```
Impact:
This can lead to memory corruption, unpredictable behavior, or crashes, especially in high-load MTProxy environments where the memory allocator might quickly reuse the address of `C`.
Suggested fix:
Move `free(C)` and `memset(C, 0, ...)` to the very end of the function.
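
The reordering suggested above, as an added example that is not MTProxy's code and not part of the original report. The structures, `SIZE_CLASSES`, `size_class`, `alloc_chunk`, `release_chunk` and the `queues_freed` counter are simplified stand-ins assumed for illustration; only the order of operations on `C` mirrors the report.

```c
#include <stdlib.h>
#include <string.h>

#define SIZE_CLASSES 4                    /* assumed; stands in for buffer_size_values */

struct mp_queue { int unused; };          /* hypothetical stand-in for the real queue */
struct msg_buffers_chunk {
  struct mp_queue *free_block_queue;
  int size_class;                         /* hypothetical: replaces the ChunkHeaders scan */
};

static struct msg_buffers_chunk *ChunkSave[SIZE_CLASSES];
static int queues_freed;                  /* instrumentation for this example only */

static void free_mp_queue (struct mp_queue *Q) {
  free (Q);
  queues_freed++;
}

struct msg_buffers_chunk *alloc_chunk (int si) {
  struct msg_buffers_chunk *C = calloc (1, sizeof (*C));
  if (!C) { return NULL; }
  C->free_block_queue = calloc (1, sizeof (struct mp_queue));
  C->size_class = si;
  ChunkSave[si] = C;                      /* cached alias, as ChunkSave is in the report */
  return C;
}

/* Every read or write through C happens before the allocation is released. */
void release_chunk (struct msg_buffers_chunk *C) {
  int si = C->size_class;
  if (ChunkSave[si] == C) {
    ChunkSave[si] = NULL;                 /* drop the cached alias first */
  }
  free_mp_queue (C->free_block_queue);    /* C is still live here */
  C->free_block_queue = NULL;
  memset (C, 0, sizeof (struct msg_buffers_chunk));
  free (C);                               /* last statement that names C */
}

/* Returns 1 when the alias was cleared and the queue was freed exactly once. */
int chunk_release_demo (void) {
  int before = queues_freed;
  struct msg_buffers_chunk *C = alloc_chunk (2);
  if (!C) { return -1; }
  release_chunk (C);
  return ChunkSave[2] == NULL && queues_freed == before + 1;
}
```

Building this with `-fsanitize=address` and swapping the last two statements of `release_chunk` to the top reproduces the reported ordering as a heap-use-after-free diagnostic.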