packages/libdnf
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix a memory leak in glob_for_cachedir

Browse Source
This commit is contained in:
hanhuihui 2024-11-25 09:14:46 +00:00
parent d6a36e0156
commit f458cdadf1
2 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
backport-Fix-a-memory-leak-in-glob_for_cachedir.patch Normal file
View File

@ -0,0 +1,53 @@
From b245193e881912cf730b53ece74c410ef573e292 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Wed, 17 Jul 2024 09:30:59 +0200
Subject: [PATCH 1/1] Fix a memory leak in glob_for_cachedir()
Covscan complains:
Error: RESOURCE_LEAK (CWE-772): [#def1] [important]
libdnf-0.73.1/libdnf/hy-iutil.cpp:100:5: alloc_arg: "wordexp" allocates memory that is stored into "word_vector.we_wordv".
libdnf-0.73.1/libdnf/hy-iutil.cpp:102:9: leaked_storage: Variable "word_vector" going out of scope leaks the storage "word_vector.we_wordv" points to.
# 100| if (wordexp(p, &word_vector, 0)) {
# 101| g_free(p);
# 102|-> return ret;
# 103| }
# 104| for (guint i = 0; i < word_vector.we_wordc; ++i) {
The issue is that Covscan model thinks that word_vector should be
freed after failing wordexp(). glibc's manual does not explain whether
it is or isn't necessary. However, POSIX manual mentions that the
memory is valid on WRDE_NOSPACE (not enough memory) error. Reading
glibc sources confirms that wordexp() on any error except of
WRDE_NOSPACE cleans up and returns original, intact word_vector.
Therefore I recognize the missing wordfree() call as an error and
this patch fixed it.
---
libdnf/hy-iutil.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libdnf/hy-iutil.cpp b/libdnf/hy-iutil.cpp
index 43314c60..4848c9f7 100644
--- a/libdnf/hy-iutil.cpp
+++ b/libdnf/hy-iutil.cpp
@@ -89,7 +89,7 @@ glob_for_cachedir(char *path)
if (!g_str_has_suffix(path, "XXXXXX"))
return ret;
- wordexp_t word_vector;
+ wordexp_t word_vector = {0};
char *p = g_strdup(path);
const int len = strlen(p);
struct stat s;
@@ -98,6 +98,7 @@ glob_for_cachedir(char *path)
p[len-6] = '*';
p[len-5] = '\0';
if (wordexp(p, &word_vector, 0)) {
+ wordfree(&word_vector);
g_free(p);
return ret;
}
--
2.25.1

6
libdnf.spec
View File

@ -18,7 +18,7 @@
Name: libdnf Name: libdnf
Version: 0.70.2 Version: 0.70.2
Release: 5 Release: 6
Summary: Library providing simplified C and Python API to libsolv Summary: Library providing simplified C and Python API to libsolv
License: LGPL-2.1-or-later License: LGPL-2.1-or-later
URL: https://github.com/rpm-software-management/libdnf URL: https://github.com/rpm-software-management/libdnf
@ -53,6 +53,7 @@ Patch6007: backport-MergedTransaction-Calculate-RPM-difference-b
Patch6008: backport-MergedTransaction-Fix-invalid-memory-access-when-dropping.patch Patch6008: backport-MergedTransaction-Fix-invalid-memory-access-when-dropping.patch
Patch6009: backport-Fix-countme-bucket-calculation.patch Patch6009: backport-Fix-countme-bucket-calculation.patch
Patch6010: backport-Fix-up-some-comments-in-addCountmeFlag.patch Patch6010: backport-Fix-up-some-comments-in-addCountmeFlag.patch
Patch6011: backport-Fix-a-memory-leak-in-glob_for_cachedir.patch
%description %description
A Library providing simplified C and Python API to libsolv. A Library providing simplified C and Python API to libsolv.
@ -132,6 +133,9 @@ popd
%{python3_sitearch}/hawkey/ %{python3_sitearch}/hawkey/
%changelog %changelog
* Mon Jul 29 2024 Wenhua Huang <huangwenhua@Kylinos.cn> - 0.70.2-6
- Fix a memory leak in glob_for_cachedir()
* Tue Jul 02 2024 wangziliang <wangziliang@kylinos.cn> - 0.70.2-5 * Tue Jul 02 2024 wangziliang <wangziliang@kylinos.cn> - 0.70.2-5
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA