Subject: Re: bin/34030: double-free bugs in CVS 1.11.22
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,>
From: Takehiko NOZAKI <th-nozaki@netwrk.co.jp>
List: netbsd-bugs
Date: 07/18/2006 15:05:06
The following reply was made to PR bin/34030; it has been noted by GNATS.

From: Takehiko NOZAKI <th-nozaki@netwrk.co.jp>
To: gnats-bugs@NetBSD.org
Cc: cube@cubidou.net
Subject: Re: bin/34030: double-free bugs in CVS 1.11.22
Date: Wed, 19 Jul 2006 00:00:59 +0900

 hi,
 
 >  > RCS file: /cvsroot/src/gnu/dist/xcvs/src/client.c,v
 >  > retrieving revision 1.7
 >  > diff -u -r1.7 client.c
 >  > --- gnu/dist/xcvs/src/client.c	23 Jun 2006 22:44:11 -0000	1.7
 >  > +++ gnu/dist/xcvs/src/client.c	18 Jul 2006 07:33:06 -0000
 >  > @@ -3937,7 +3937,8 @@
 >  > =20
 >  >          /* Paranoia. */
 >  >          memset (password, 0, strlen (password));
 >  > -	free (password);
 >  > +	if (no_passwd =3D=3D 1) /* password =3D=3D get_cvs_password() */
 >  > +             free (password);
 >  >  # else /* ! AUTH_CLIENT_SUPPORT */
 >  >  	error (1, 0, "INTERNAL ERROR: This client does not support pserver auth=
 >  entication");
 >  >  # endif /* AUTH_CLIENT_SUPPORT */
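
 Review bot: the `memset (password, 0, strlen (password));` context line just above the new `if` still runs unconditionally, so in the case the new guard excludes from `free ()` the buffer is still passed to strlen and overwritten. Either move the memset under the same `no_passwd == 1` test or add a comment saying why scrubbing is valid for every source of `password`. The added comment `/* password == get_cvs_password() */` would be clearer if it stated who owns the buffer in each case. The two added lines also mix tab indentation (the `if`) with space indentation (the `free`).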
 >  
 >  The memset line is also wrong in that case.  Or, at least, not needed
 >  (is strlen(NULL) defined?).
 >  
 
 as far as I know, cvs's xmalloc() seems to never return NULL.
 (if xmalloc((size_t)0) is called, it returns a size=1 buffer).
 
 very truly yours.
 --
 Takehiko NOZAKI <tnozaki@NetBSD.org>