libsolv/backport-CVE-2018-20534-20533-20532-Fix-Memory-leaks.patch

From 98a75959e13699e2ef35b0b011a88a6d224f227e Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Tue, 11 Dec 2018 10:14:04 +0100
Subject: [PATCH 3/7] Fix: Memory leaks

Signed-off-by: root <root@localhost.localdomain>
---
 ext/repo_rpmdb.c  | 16 ++++++++++++++++
 ext/testcase.c    |  4 ++++
 tools/repo2solv.c |  1 +
 3 files changed, 21 insertions(+)

diff --git a/ext/repo_rpmdb.c b/ext/repo_rpmdb.c
index 9acb4006..0d648208 100644
--- a/ext/repo_rpmdb.c
+++ b/ext/repo_rpmdb.c
@@ -1896,6 +1896,8 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
   if (fread(lead, 96 + 16, 1, fp) != 1 || getu32(lead) != 0xedabeedb)
     {
       pool_error(pool, -1, "%s: not a rpm", rpm);
+      solv_chksum_free(leadsigchksumh, NULL);
+      solv_chksum_free(chksumh, NULL);
       fclose(fp);
       return 0;
     }
@@ -1908,12 +1910,16 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
   if (lead[78] != 0 || lead[79] != 5)
     {
       pool_error(pool, -1, "%s: not a rpm v5 header", rpm);
+      solv_chksum_free(leadsigchksumh, NULL);
+      solv_chksum_free(chksumh, NULL);
       fclose(fp);
       return 0;
     }
   if (getu32(lead + 96) != 0x8eade801)
     {
       pool_error(pool, -1, "%s: bad signature header", rpm);
+      solv_chksum_free(leadsigchksumh, NULL);
+      solv_chksum_free(chksumh, NULL);
       fclose(fp);
       return 0;
     }
@@ -1922,6 +1928,8 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
   if (sigcnt >= MAX_SIG_CNT || sigdsize >= MAX_SIG_DSIZE)
     {
       pool_error(pool, -1, "%s: bad signature header", rpm);
+      solv_chksum_free(leadsigchksumh, NULL);
+      solv_chksum_free(chksumh, NULL);
       fclose(fp);
       return 0;
     }
@@ -1932,6 +1940,8 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
     {
       if (!headfromfp(&state, rpm, fp, lead + 96, sigcnt, sigdsize, sigpad, chksumh, leadsigchksumh))
 	{
+      solv_chksum_free(leadsigchksumh, NULL);
+      solv_chksum_free(chksumh, NULL);
 	  fclose(fp);
 	  return 0;
 	}
@@ -1971,6 +1981,8 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
 	  if (fread(lead, l, 1, fp) != 1)
 	    {
 	      pool_error(pool, -1, "%s: unexpected EOF", rpm);
+          solv_chksum_free(leadsigchksumh, NULL);
+          solv_chksum_free(chksumh, NULL);
 	      fclose(fp);
 	      return 0;
 	    }
@@ -1991,6 +2003,7 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
   if (fread(lead, 16, 1, fp) != 1)
     {
       pool_error(pool, -1, "%s: unexpected EOF", rpm);
+      solv_chksum_free(chksumh, NULL);
       fclose(fp);
       return 0;
     }
@@ -1999,6 +2012,7 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
   if (getu32(lead) != 0x8eade801)
     {
       pool_error(pool, -1, "%s: bad header", rpm);
+      solv_chksum_free(chksumh, NULL);
       fclose(fp);
       return 0;
     }
@@ -2007,6 +2021,7 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
   if (sigcnt >= MAX_HDR_CNT || sigdsize >= MAX_HDR_DSIZE)
     {
       pool_error(pool, -1, "%s: bad header", rpm);
+      solv_chksum_free(chksumh, NULL);
       fclose(fp);
       return 0;
     }
@@ -2014,6 +2029,7 @@ repo_add_rpm(Repo *repo, const char *rpm, int flags)
 
   if (!headfromfp(&state, rpm, fp, lead, sigcnt, sigdsize, 0, chksumh, 0))
     {
+      solv_chksum_free(chksumh, NULL);
       fclose(fp);
       return 0;
     }
diff --git a/ext/testcase.c b/ext/testcase.c
index b815c563..33998d47 100644
--- a/ext/testcase.c
+++ b/ext/testcase.c
@@ -2365,6 +2365,7 @@ testcase_write_mangled(Solver *solv, const char *dir, int resultflags, const cha
 	  if (fclose(fp))
 	    {
 	      pool_error(solv->pool, 0, "testcase_write: write error");
+	      solv_free(result);
 	      strqueue_free(&sq);
 	      return 0;
 	    }
@@ -2377,12 +2378,14 @@ testcase_write_mangled(Solver *solv, const char *dir, int resultflags, const cha
   if (!(fp = fopen(out, "w")))
     {
       pool_error(solv->pool, 0, "testcase_write: could not open '%s' for writing", out);
+      solv_free(cmd);
       strqueue_free(&sq);
       return 0;
     }
   if (*cmd && fwrite(cmd, strlen(cmd), 1, fp) != 1)
     {
       pool_error(solv->pool, 0, "testcase_write: write error");
+      solv_free(cmd);
       strqueue_free(&sq);
       fclose(fp);
       return 0;
@@ -2390,6 +2393,7 @@ testcase_write_mangled(Solver *solv, const char *dir, int resultflags, const cha
   if (fclose(fp))
     {
       pool_error(solv->pool, 0, "testcase_write: write error");
+      solv_free(cmd);
       strqueue_free(&sq);
       return 0;
     }
diff --git a/tools/repo2solv.c b/tools/repo2solv.c
index d5b33287..68e92f33 100644
--- a/tools/repo2solv.c
+++ b/tools/repo2solv.c
@@ -208,6 +208,7 @@ read_plaindir_repo(Repo *repo, const char *dir)
 	repodata_set_location(data, p, 0, 0, bp[0] == '.' && bp[1] == '/' ? bp + 2 : bp);
       solv_free(rpm);
     }
+  solv_free(buf);
   fclose(fp);
   while (waitpid(pid, &wstatus, 0) == -1)
     {
-- 
2.19.1