packages/libblockdev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix double free in crypto.c and part.c

Browse Source 
(cherry picked from commit 406868d6bbbaae9f10e9d05f644bb1566ba5e3bc)
This commit is contained in:
Kou Wenqi 2024-07-22 13:55:12 +08:00 committed by openeuler-sync-bot
parent 029c76699c
commit 3258492a81
3 changed files with 95 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
0005-part-Fix-potential-double-free-when-getting-parttype.patch Normal file
View File

@ -0,0 +1,37 @@
From 32a3ec7e47243ea2c2530445df83f60f992f0c23 Mon Sep 17 00:00:00 2001
From: Vojtech Trefny <vtrefny@redhat.com>
Date: Mon, 6 Nov 2023 18:38:34 +0100
Subject: [PATCH] part: Fix potential double free when getting parttype
fdisk_partition_get_type returns a pointer to a static table so
we shouldn't free it. fdisk_unref_parttype should against this but
we see some double free crashes that could be caused by this.
Related: https://github.com/storaged-project/udisks/issues/1208
---
src/plugins/part.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/plugins/part.c b/src/plugins/part.c
index 46d31137..20bb3628 100644
--- a/src/plugins/part.c
+++ b/src/plugins/part.c
@@ -462,7 +462,6 @@ static gchar* get_part_type_guid_and_gpt_flags (const gchar *device, int part_nu
if (!ptype_string) {
g_set_error (error, BD_PART_ERROR, BD_PART_ERROR_FAIL,
"Failed to get partition type for partition %d on device '%s'", part_num, device);
- fdisk_unref_parttype (ptype);
fdisk_unref_partition (pa);
close_context (cxt);
return NULL;
@@ -470,7 +469,6 @@ static gchar* get_part_type_guid_and_gpt_flags (const gchar *device, int part_nu
ret = g_strdup (ptype_string);
- fdisk_unref_parttype (ptype);
fdisk_unref_partition (pa);
close_context (cxt);
return ret;
--
2.27.0

49
0006-crypto-Fix-double-free-in-bd_crypto_luks_remove_key.patch Normal file
View File

@ -0,0 +1,49 @@
From 1b6d24e0ec4fc50686a533ec209f7b1db952deb5 Mon Sep 17 00:00:00 2001
From: Vojtech Trefny <vtrefny@redhat.com>
Date: Wed, 3 Apr 2024 15:58:04 +0200
Subject: [PATCH] crypto: Fix double free in bd_crypto_luks_remove_key
---
src/plugins/crypto.c | 1 -
tests/crypto_test.py | 6 ++++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/plugins/crypto.c b/src/plugins/crypto.c
index 3dabaabd..05931e80 100644
--- a/src/plugins/crypto.c
+++ b/src/plugins/crypto.c
@@ -1479,7 +1479,6 @@ gboolean bd_crypto_luks_remove_key (const gchar *device, BDCryptoKeyslotContext
return FALSE;
}
- crypt_safe_free (key_buf);
crypt_free (cd);
bd_utils_report_finished (progress_id, "Completed");
return TRUE;
diff --git a/tests/crypto_test.py b/tests/crypto_test.py
index 4d920c27..efe892b2 100644
--- a/tests/crypto_test.py
+++ b/tests/crypto_test.py
@@ -524,6 +524,9 @@ class CryptoTestRemoveKey(CryptoTestCase):
succ = BlockDev.crypto_luks_add_key(self.loop_dev, ctx, nctx2)
self.assertTrue(succ)
+ nctx3 = BlockDev.CryptoKeyslotContext(keyfile=self.keyfile)
+ succ = BlockDev.crypto_luks_add_key(self.loop_dev, ctx, nctx3)
+
with self.assertRaises(GLib.GError):
wctx = BlockDev.CryptoKeyslotContext(passphrase="wrong-passphrase")
BlockDev.crypto_luks_remove_key(self.loop_dev, wctx)
@@ -534,6 +537,9 @@ class CryptoTestRemoveKey(CryptoTestCase):
succ = BlockDev.crypto_luks_remove_key(self.loop_dev, nctx2)
self.assertTrue(succ)
+ succ = BlockDev.crypto_luks_remove_key(self.loop_dev, nctx3)
+ self.assertTrue(succ)
+
@tag_test(TestTags.SLOW)
def test_luks_remove_key(self):
self._remove_key(self._luks_format)
--
2.27.0

10
libblockdev.spec
View File

@ -3,7 +3,7 @@
Name: libblockdev Name: libblockdev
Version: 3.0.4 Version: 3.0.4
Release: 7 Release: 8
Summary: libblockdev is a C library supporting GObject introspection for manipulation of block devices Summary: libblockdev is a C library supporting GObject introspection for manipulation of block devices
License: LGPLv2+ License: LGPLv2+
URL: https://github.com/storaged-project/libblockdev URL: https://github.com/storaged-project/libblockdev
@ -13,6 +13,8 @@ Patch1: 0001-Add-BDPluginSpec-constructor-and-use-it-in-plugin_sp.patch
Patch2: 0002-Fix-leaking-error.patch Patch2: 0002-Fix-leaking-error.patch
Patch3: 0003-lvm-dbus-Fix-leaking-error-in-bd_lvm_init.patch Patch3: 0003-lvm-dbus-Fix-leaking-error-in-bd_lvm_init.patch
Patch4: 0004-nvme-Fix-potential-memory-leak.patch Patch4: 0004-nvme-Fix-potential-memory-leak.patch
Patch5: 0005-part-Fix-potential-double-free-when-getting-parttype.patch
Patch6: 0006-crypto-Fix-double-free-in-bd_crypto_luks_remove_key.patch
BuildRequires: make glib2-devel libyaml-devel libbytesize-devel parted-devel libuuid-devel ndctl-devel device-mapper-devel BuildRequires: make glib2-devel libyaml-devel libbytesize-devel parted-devel libuuid-devel ndctl-devel device-mapper-devel
BuildRequires: device-mapper-devel systemd-devel nss-devel volume_key-devel >= 0.3.9-7 libblkid-devel libmount-devel BuildRequires: device-mapper-devel systemd-devel nss-devel volume_key-devel >= 0.3.9-7 libblkid-devel libmount-devel
@ -162,6 +164,12 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm}
%changelog %changelog
* Mon Jul 22 2024 kouwenqi <kouwenqi@kylinos.cn> - 3.0.4-8
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Fix double free in crypto.c and part.c
* Fri Jul 12 2024 cenhuilin <cenhuilin@kylinos.cn> - 3.0.4-7 * Fri Jul 12 2024 cenhuilin <cenhuilin@kylinos.cn> - 3.0.4-7
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA