From 433e6435c747163c8152af0b865cced2d4a93d4a Mon Sep 17 00:00:00 2001
From: hubin
Date: Wed, 23 Mar 2022 16:05:05 +0800
Subject: [PATCH] backport patches to fix NULL pointer dereference and memory leak bug
Signed-off-by: hubin
---
 0003-backport-fix-covscan-issues.patch | 54 +++++++++++++++++++
 ...ptr-deref-in-initial_state_start_fun.patch | 21 ++++++++
 libmetalink.spec | 10 +++-
 3 files changed, 84 insertions(+), 1 deletion(-)
 create mode 100644 0003-backport-fix-covscan-issues.patch
 create mode 100644 0004-backport-fix-NULL-ptr-deref-in-initial_state_start_fun.patch
diff --git a/0003-backport-fix-covscan-issues.patch b/0003-backport-fix-covscan-issues.patch
new file mode 100644
index 0000000..c5d2824
--- /dev/null
+++ b/0003-backport-fix-covscan-issues.patch
@@ -0,0 +1,54 @@
+From 204c580643f7c52364520926b9df3a621fab6df7 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Tue, 24 Jul 2018 15:10:40 +0200
+Subject: [PATCH] fix covscan issues
+
+---
+ lib/libexpat_metalink_parser.c | 3 +++
+ lib/metalink_pctrl.c | 2 ++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/lib/libexpat_metalink_parser.c b/lib/libexpat_metalink_parser.c
+index 4e73aef..79b091c 100644
+--- a/lib/libexpat_metalink_parser.c
++++ b/lib/libexpat_metalink_parser.c
+@@ -29,6 +29,7 @@
+
+ #include
+ #include
++#include
+ #include
+ #include
+
+@@ -56,6 +57,8 @@ static void split_ns_name(const char** localname,
+ *localname = sep+1;
+ len = sep-src;
+ temp = malloc((len+1) * sizeof **ns_uri);
++ if (temp == NULL)
++ exit(EXIT_FAILURE);
+ memcpy(temp, src, len);
+ temp[len] = '\0';
+ *ns_uri = temp;
+diff --git a/lib/metalink_pctrl.c b/lib/metalink_pctrl.c
+index c25989b..e6fb8f8 100644
+--- a/lib/metalink_pctrl.c
++++ b/lib/metalink_pctrl.c
+@@ -469,6 +469,7 @@ metalink_error_t metalink_pctrl_file_set_language(metalink_pctrl_t* ctrl, const
+ l = strdup(language);
+ ctrl->languages = metalink_list_new();
+ if(!ctrl->languages || !l || metalink_list_append(ctrl->languages, l) != 0) {
++ if (l) free(l);
+ return METALINK_ERR_BAD_ALLOC;
+ }
+
+@@ -486,6 +487,7 @@ metalink_error_t metalink_pctrl_file_set_os(metalink_pctrl_t* ctrl, const char*
+ o = strdup(os);
+ ctrl->oses = metalink_list_new();
+ if(!ctrl->oses || !o || metalink_list_append(ctrl->oses, o) != 0) {
++ if (o) free(o);
+ return METALINK_ERR_BAD_ALLOC;
+ }
+
+--
+2.17.1
+
diff --git a/0004-backport-fix-NULL-ptr-deref-in-initial_state_start_fun.patch b/0004-backport-fix-NULL-ptr-deref-in-initial_state_start_fun.patch
new file mode 100644
index 0000000..daa5fa7
--- /dev/null
+++ b/0004-backport-fix-NULL-ptr-deref-in-initial_state_start_fun.patch
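Review bot: In the `split_ns_name` hunk of lib/libexpat_metalink_parser.c (carried in 0003-backport-fix-covscan-issues.patch), the added `exit(EXIT_FAILURE);` terminates the whole host process from inside a library when `malloc` fails, so an application parsing an untrusted Metalink file gets no chance to clean up or report the error. The two metalink_pctrl.c hunks in the same patch report the same condition by returning `METALINK_ERR_BAD_ALLOC`; having `split_ns_name` return a status that the element handlers turn into a parse error would match that, though its signature and callers lie outside the hunk and the patch is an upstream backport, so the abort behaviour should at least be recorded in the patch header. In the metalink_pctrl.c hunks, `if (l) free(l);` and `if (o) free(o);` can be plain `free(l);` and `free(o);`, since `free(NULL)` is a no-op.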
@@ -0,0 +1,21 @@
+diff -urp libmetalink-0.1.3.orig/lib/metalink_pstate.c libmetalink-0.1.3/lib/metalink_pstate.c
+--- libmetalink-0.1.3.orig/lib/metalink_pstate.c 2012-08-12 04:43:53.000000000 -0400
++++ libmetalink-0.1.3/lib/metalink_pstate.c 2020-07-22 17:03:21.205852103 -0400
+@@ -100,7 +100,7 @@ void initial_state_start_fun(metalink_ps
+ const char** attrs)
+ {
+ if(strcmp("metalink", name) == 0) {
+- if (strcmp(METALINK_V3_NS_URI, ns_uri) == 0) {
++ if (ns_uri && strcmp(METALINK_V3_NS_URI, ns_uri) == 0) {
+ const char* type;
+ const char* origin;
+ metalink_pctrl_set_version(stm->ctrl, METALINK_VERSION_3);
+@@ -116,7 +116,7 @@ void initial_state_start_fun(metalink_ps
+
+ metalink_pstm_enter_metalink_state(stm);
+ }
+- else if (strcmp(METALINK_V4_NS_URI, ns_uri) == 0) {
++ else if (ns_uri && strcmp(METALINK_V4_NS_URI, ns_uri) == 0) {
+ metalink_pctrl_set_version(stm->ctrl, METALINK_VERSION_4);
+ metalink_pstm_enter_metalink_state_v4(stm);
+ } else {
diff --git a/libmetalink.spec b/libmetalink.spec
index 5726760..2a6b7ff 100644
--- a/libmetalink.spec
+++ b/libmetalink.spec
@@ -1,6 +1,6 @@
 Name: libmetalink
 Version: 0.1.3
-Release: 10
+Release: 11
 Summary: Metalink library written in C
 License: MIT
 URL: https://launchpad.net/libmetalink
@@ -10,6 +10,8 @@ BuildRequires: gcc expat-devel libxml2-devel CUnit-devel autoconf automake libto
 Patch001:0001-fix-warning-_BSD_SOURCE-and-_SVID_SOURCE-are-depreca.patch
 Patch002:0002-add-libmetalink-testcases-for-api-and-error-handling.patch
+Patch003:0003-backport-fix-covscan-issues.patch
+Patch004:0004-backport-fix-NULL-ptr-deref-in-initial_state_start_fun.patch
 %description
 libmetalink is a Metalink library written in C language. It is intended to
@@ -64,6 +66,12 @@ make check
 %{_mandir}/man3/*
 %changelog
+* Fri Mar 23 2022 Hu Bin - 0.1.3-11
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:backport patches to fix NULL pointer dereference and memory leak bug
+
 * Tue Mar 01 2022 Hu Bin - 0.1.3-10
 - Type:enhancement
 - ID:NA
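Review bot: The `ns_uri &&` guard covers only the two `strcmp` calls in `initial_state_start_fun` (lib/metalink_pstate.c, carried in the 0004 patch); other handlers in that file that compare `ns_uri` are not visible here and should be checked for the same unguarded `strcmp`, because the value is derived from an untrusted Metalink document. With `ns_uri` NULL, control now reaches the trailing `else {` branch, whose body lies outside the hunk, so confirm that branch does not use `ns_uri` either. The patch file has no header at all; a short one stating the origin of the fix would help later audits, for example `Subject: [PATCH] fix NULL pointer dereference in initial_state_start_fun`. A test case in the suite run by `make check` that feeds a `metalink` root element without a namespace (presumably the input that yields a NULL `ns_uri`) would keep the crash from regressing.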