diff --git a/fix-memleak-in-ntfs.patch b/fix-memleak-in-ntfs.patch new file mode 100644 index 0000000..67a2f44 --- /dev/null +++ b/fix-memleak-in-ntfs.patch @@ -0,0 +1,79 @@ +From f7f44f8d321628d0a9d960d4183d2eba63ed29ed Mon Sep 17 00:00:00 2001 +From: Joachim Metz +Date: Thu, 22 Apr 2021 20:29:46 +0200 +Subject: [PATCH] Fixed leak in error path #1190 + +--- + tsk/fs/ntfs.c | 23 ++++++++++++++++++----- + 1 file changed, 18 insertions(+), 5 deletions(-) + +diff --git a/tsk/fs/ntfs.c b/tsk/fs/ntfs.c +index f55b849..e82abae 100755 +--- a/tsk/fs/ntfs.c ++++ b/tsk/fs/ntfs.c +@@ -592,7 +592,8 @@ ntfs_make_data_run(NTFS_INFO * ntfs, TSK_OFF_T start_vcn, + int64_t addr_offset = 0; + + /* allocate a new tsk_fs_attr_run */ +- if ((data_run = tsk_fs_attr_run_alloc()) == NULL) { ++ data_run = tsk_fs_attr_run_alloc(); ++ if (data_run == NULL) { + tsk_fs_attr_run_free(*a_data_run_head); + *a_data_run_head = NULL; + return TSK_ERR; +@@ -2015,8 +2016,10 @@ ntfs_proc_attrseq(NTFS_INFO * ntfs, + tsk_error_set_errno(TSK_ERR_FS_CORRUPT); + tsk_error_set_errstr("ntfs_proc_attrseq: Compression unit size 2^%d too large", + tsk_getu16(fs->endian, attr->c.nr.compusize)); +- if (fs_attr_run) ++ if (fs_attr_run) { + tsk_fs_attr_run_free(fs_attr_run); ++ fs_attr_run = NULL; ++ } + return TSK_COR; + } + +@@ -2056,9 +2059,10 @@ ntfs_proc_attrseq(NTFS_INFO * ntfs, + TSK_FS_ATTR_RES)) == NULL) { + tsk_error_errstr2_concat(" - proc_attrseq: getnew"); + // JRB: Coverity found leak. +- if (fs_attr_run) ++ if (fs_attr_run) { + tsk_fs_attr_run_free(fs_attr_run); +- fs_attr_run = NULL; ++ fs_attr_run = NULL; ++ } + return TSK_ERR; + } + +@@ -2098,10 +2102,15 @@ ntfs_proc_attrseq(NTFS_INFO * ntfs, + tsk_error_errstr2_concat("- proc_attrseq: set run"); + + // If the run wasn't saved to the attribute, free it now +- if (fs_attr_run && (fs_attr->nrd.run == NULL)) ++ if (fs_attr_run && (fs_attr->nrd.run == NULL)) { + tsk_fs_attr_run_free(fs_attr_run); ++ fs_attr_run = NULL; ++ } + return TSK_COR; + } ++ // fs_file has taken over managerment of fs_attr_run ++ fs_attr_run = NULL; ++ + // set the special functions + if (fs_file->meta->flags & TSK_FS_META_FLAG_COMP) { + fs_attr->w = ntfs_attr_walk_special; +@@ -2112,6 +2121,10 @@ ntfs_proc_attrseq(NTFS_INFO * ntfs, + else { + if (tsk_fs_attr_add_run(fs, fs_attr, fs_attr_run)) { + tsk_error_errstr2_concat(" - proc_attrseq: put run"); ++ if (fs_attr_run) { ++ tsk_fs_attr_run_free(fs_attr_run); ++ fs_attr_run = NULL; ++ } + return TSK_COR; + } + } +-- +2.30.0 + diff --git a/sleuthkit.spec b/sleuthkit.spec index 0a03cca..c245c53 100644 --- a/sleuthkit.spec +++ b/sleuthkit.spec @@ -1,6 +1,6 @@ Name: sleuthkit Version: 4.6.7 -Release: 8 +Release: 9 Summary: Tools for file system and volume forensic analysis License: CPL and IBM and GPLv2+ URL: http://www.sleuthkit.org @@ -14,6 +14,7 @@ Patch5: 0005-Fix-Fuzz-buffer-overflow.patch Patch6: 0006-Add-attributes-file-nodesize-check.patch Patch7: 0007-Fixed-OOB-reads-in-hfs_cat_traverse.patch Patch8: 0008-left-shift.patch +Patch9: fix-memleak-in-ntfs.patch BuildRequires: gcc-c++ afflib-devel >= 3.3.4 libewf-devel perl-generators sqlite-devel @@ -88,6 +89,9 @@ sed -i.rpath 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool %{_mandir}/man1/* %changelog +* Thu Aug 26 2021 sunguoshuai - 4.6.7-9 +- Fix memleak in ntfs + * Thu Jun 3 2021 caodongxia - 4.6.7-8 - Fixed left shift