diff options
Diffstat (limited to 'meta/recipes-extended/libsolv/libsolv/0005-Fix-Memory-leaks.patch')
-rw-r--r-- | meta/recipes-extended/libsolv/libsolv/0005-Fix-Memory-leaks.patch | 158 |
1 files changed, 158 insertions, 0 deletions
diff --git a/meta/recipes-extended/libsolv/libsolv/0005-Fix-Memory-leaks.patch b/meta/recipes-extended/libsolv/libsolv/0005-Fix-Memory-leaks.patch new file mode 100644 index 0000000000..85398a82ec --- /dev/null +++ b/meta/recipes-extended/libsolv/libsolv/0005-Fix-Memory-leaks.patch | |||
@@ -0,0 +1,158 @@ | |||
1 | From 6c99f33252d8bf8ff3e49013b8ad78aacf71c5d8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jaroslav Rohel <jrohel@redhat.com> | ||
3 | Date: Tue, 11 Dec 2018 10:14:04 +0100 | ||
4 | Subject: [PATCH] Fix: Memory leaks | ||
5 | Reply-To: muislam@microsoft.com | ||
6 | |||
7 | CVE: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 | ||
8 | |||
9 | Upstream-Status: Backport | ||
10 | |||
11 | Signed-off-by: Muminul Islam <muislam@microsoft.com> | ||
12 | |||
13 | Cherry picked from https://github.com/openSUSE/libsolv/pull/291/commits | ||
14 | --- | ||
15 | ext/repo_rpmdb.c | 16 ++++++++++++++++ | ||
16 | ext/testcase.c | 4 ++++ | ||
17 | tools/repo2solv.c | 1 + | ||
18 | 3 files changed, 21 insertions(+) | ||
19 | |||
20 | diff --git a/ext/repo_rpmdb.c b/ext/repo_rpmdb.c | ||
21 | index 75bb6780..ff939978 100644 | ||
22 | --- a/ext/repo_rpmdb.c | ||
23 | +++ b/ext/repo_rpmdb.c | ||
24 | @@ -1939,6 +1939,8 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags) | ||
25 | if (fread(lead, 96 + 16, 1, fp) != 1 || getu32(lead) != 0xedabeedb) | ||
26 | { | ||
27 | pool_error(pool, -1, "%s: not a rpm", rpm); | ||
28 | + solv_chksum_free(leadsigchksumh, NULL); | ||
29 | + solv_chksum_free(chksumh, NULL); | ||
30 | fclose(fp); | ||
31 | return 0; | ||
32 | } | ||
33 | @@ -1951,12 +1953,16 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags) | ||
34 | if (lead[78] != 0 || lead[79] != 5) | ||
35 | { | ||
36 | pool_error(pool, -1, "%s: not a rpm v5 header", rpm); | ||
37 | + solv_chksum_free(leadsigchksumh, NULL); | ||
38 | + solv_chksum_free(chksumh, NULL); | ||
39 | fclose(fp); | ||
40 | return 0; | ||
41 | } | ||
42 | if (getu32(lead + 96) != 0x8eade801) | ||
43 | { | ||
44 | pool_error(pool, -1, "%s: bad signature header", rpm); | ||
45 | + solv_chksum_free(leadsigchksumh, NULL); | ||
46 | + solv_chksum_free(chksumh, NULL); | ||
47 | fclose(fp); | ||
48 | return 0; | ||
49 | } | ||
50 | @@ -1965,6 +1971,8 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags) | ||
51 | if (sigcnt >= MAX_SIG_CNT || sigdsize >= MAX_SIG_DSIZE) | ||
52 | { | ||
53 | pool_error(pool, -1, "%s: bad signature header", rpm); | ||
54 | + solv_chksum_free(leadsigchksumh, NULL); | ||
55 | + solv_chksum_free(chksumh, NULL); | ||
56 | fclose(fp); | ||
57 | return 0; | ||
58 | } | ||
59 | @@ -1975,6 +1983,8 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags) | ||
60 | { | ||
61 | if (!headfromfp(&state, rpm, fp, lead + 96, sigcnt, sigdsize, sigpad, chksumh, leadsigchksumh)) | ||
62 | { | ||
63 | + solv_chksum_free(leadsigchksumh, NULL); | ||
64 | + solv_chksum_free(chksumh, NULL); | ||
65 | fclose(fp); | ||
66 | return 0; | ||
67 | } | ||
68 | @@ -2014,6 +2024,8 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags) | ||
69 | if (fread(lead, l, 1, fp) != 1) | ||
70 | { | ||
71 | pool_error(pool, -1, "%s: unexpected EOF", rpm); | ||
72 | + solv_chksum_free(leadsigchksumh, NULL); | ||
73 | + solv_chksum_free(chksumh, NULL); | ||
74 | fclose(fp); | ||
75 | return 0; | ||
76 | } | ||
77 | @@ -2034,6 +2046,7 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags) | ||
78 | if (fread(lead, 16, 1, fp) != 1) | ||
79 | { | ||
80 | pool_error(pool, -1, "%s: unexpected EOF", rpm); | ||
81 | + solv_chksum_free(chksumh, NULL); | ||
82 | fclose(fp); | ||
83 | return 0; | ||
84 | } | ||
85 | @@ -2042,6 +2055,7 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags) | ||
86 | if (getu32(lead) != 0x8eade801) | ||
87 | { | ||
88 | pool_error(pool, -1, "%s: bad header", rpm); | ||
89 | + solv_chksum_free(chksumh, NULL); | ||
90 | fclose(fp); | ||
91 | return 0; | ||
92 | } | ||
93 | @@ -2050,6 +2064,7 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags) | ||
94 | if (sigcnt >= MAX_HDR_CNT || sigdsize >= MAX_HDR_DSIZE) | ||
95 | { | ||
96 | pool_error(pool, -1, "%s: bad header", rpm); | ||
97 | + solv_chksum_free(chksumh, NULL); | ||
98 | fclose(fp); | ||
99 | return 0; | ||
100 | } | ||
101 | @@ -2057,6 +2072,7 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags) | ||
102 | |||
103 | if (!headfromfp(&state, rpm, fp, lead, sigcnt, sigdsize, 0, chksumh, 0)) | ||
104 | { | ||
105 | + solv_chksum_free(chksumh, NULL); | ||
106 | fclose(fp); | ||
107 | return 0; | ||
108 | } | ||
109 | diff --git a/ext/testcase.c b/ext/testcase.c | ||
110 | index aa72a8d7..3901d90d 100644 | ||
111 | --- a/ext/testcase.c | ||
112 | +++ b/ext/testcase.c | ||
113 | @@ -2348,6 +2348,7 @@ testcase_write_mangled(Solver *solv, const char *dir, int resultflags, const cha | ||
114 | if (fclose(fp)) | ||
115 | { | ||
116 | pool_error(solv->pool, 0, "testcase_write: write error"); | ||
117 | + solv_free(result); | ||
118 | strqueue_free(&sq); | ||
119 | return 0; | ||
120 | } | ||
121 | @@ -2360,12 +2361,14 @@ testcase_write_mangled(Solver *solv, const char *dir, int resultflags, const cha | ||
122 | if (!(fp = fopen(out, "w"))) | ||
123 | { | ||
124 | pool_error(solv->pool, 0, "testcase_write: could not open '%s' for writing", out); | ||
125 | + solv_free(cmd); | ||
126 | strqueue_free(&sq); | ||
127 | return 0; | ||
128 | } | ||
129 | if (*cmd && fwrite(cmd, strlen(cmd), 1, fp) != 1) | ||
130 | { | ||
131 | pool_error(solv->pool, 0, "testcase_write: write error"); | ||
132 | + solv_free(cmd); | ||
133 | strqueue_free(&sq); | ||
134 | fclose(fp); | ||
135 | return 0; | ||
136 | @@ -2373,6 +2376,7 @@ testcase_write_mangled(Solver *solv, const char *dir, int resultflags, const cha | ||
137 | if (fclose(fp)) | ||
138 | { | ||
139 | pool_error(solv->pool, 0, "testcase_write: write error"); | ||
140 | + solv_free(cmd); | ||
141 | strqueue_free(&sq); | ||
142 | return 0; | ||
143 | } | ||
144 | diff --git a/tools/repo2solv.c b/tools/repo2solv.c | ||
145 | index e055e408..30a41f42 100644 | ||
146 | --- a/tools/repo2solv.c | ||
147 | +++ b/tools/repo2solv.c | ||
148 | @@ -208,6 +208,7 @@ read_plaindir_repo(Repo *repo, const char *dir) | ||
149 | repodata_set_location(data, p, 0, 0, bp[0] == '.' && bp[1] == '/' ? bp + 2 : bp); | ||
150 | solv_free(rpm); | ||
151 | } | ||
152 | + solv_free(buf); | ||
153 | fclose(fp); | ||
154 | while (waitpid(pid, &wstatus, 0) == -1) | ||
155 | { | ||
156 | -- | ||
157 | 2.23.0 | ||
158 | |||