util-linux: fix memory leak and UAF

backport-suL-fix-use-after-free-on-error.patch

@@ -0,0 +1,30 @@
+From 3b01374845f8bbe29ef945b866f679555b28cd38 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Tue, 30 Apr 2024 10:51:50 +0200
+Subject: [PATCH] suL fix use after free on error
+
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ login-utils/su-common.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/login-utils/su-common.c b/login-utils/su-common.c
+index b674920..35950ce 100644
+--- a/login-utils/su-common.c
++++ b/login-utils/su-common.c
+@@ -446,9 +446,10 @@ static void supam_open_session(struct su_context *su)
+ 
+ 	rc = pam_open_session(su->pamh, 0);
+ 	if (is_pam_failure(rc)) {
++		const char *msg = pam_strerror(su->pamh, rc);
++
+ 		supam_cleanup(su, rc);
+-		errx(EXIT_FAILURE, _("cannot open session: %s"),
+-		     pam_strerror(su->pamh, rc));
++		errx(EXIT_FAILURE, _("cannot open session: %s"), msg);
+ 	} else
+ 		su->pam_has_session = 1;
+ }
+-- 
+2.43.0
+

backport-sys-utils-save_adjtime-fix-memory-leak.patch

@@ -0,0 +1,40 @@
+From 4e4fd6a5fc84b8dc172e1ea67b28064c67376d1a Mon Sep 17 00:00:00 2001
+From: Maks Mishin <maks.mishinFZ@gmail.com>
+Date: Thu, 17 Oct 2024 07:14:26 +0300
+Subject: [PATCH] sys-utils: (save_adjtime): fix memory leak
+
+Dynamic memory, referenced by 'content', is allocated by calling function 'xasprintf'
+and lost when function returns.
+
+Found by the static analyzer Svace.
+---
+ sys-utils/hwclock.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sys-utils/hwclock.c b/sys-utils/hwclock.c
+index 87228b5..1318c13 100644
+--- a/sys-utils/hwclock.c
++++ b/sys-utils/hwclock.c
+@@ -910,6 +910,7 @@ static int save_adjtime(const struct hwclock_control *ctl,
+ 		fp = fopen(ctl->adj_file_name, "w");
+ 		if (fp == NULL) {
+ 			warn(_("cannot open %s"), ctl->adj_file_name);
++			free(content);
+ 			return EXIT_FAILURE;
+ 		}
+ 
+@@ -918,9 +919,11 @@ static int save_adjtime(const struct hwclock_control *ctl,
+ 
+ 		if (rc) {
+ 			warn(_("cannot update %s"), ctl->adj_file_name);
++			free(content);
+ 			return EXIT_FAILURE;
+ 		}
+ 	}
++	free(content);
+ 	return EXIT_SUCCESS;
+ }
+ 
+-- 
+2.43.0
+

backport-sys-utils-setpriv-fix-potential-memory-leak.patch

@@ -0,0 +1,37 @@
+From 8f15d94a21cbc6886bdf2474e6e1bb507cab1149 Mon Sep 17 00:00:00 2001
+From: Maks Mishin <maks.mishinFZ@gmail.com>
+Date: Thu, 10 Oct 2024 20:23:49 +0300
+Subject: [PATCH] sys-utils: (setpriv): fix potential memory leak
+
+Dynamic memory, referenced by 'buf' is allocated by calling function 'xstrdup'
+add then changed by calling of strsep function.
+The free(buf) call is incorrect if buf != NULL, and points to some
+place inside or outside the source string.
+---
+ sys-utils/setpriv.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c
+index ddc2cc6..44731fd 100644
+--- a/sys-utils/setpriv.c
++++ b/sys-utils/setpriv.c
+@@ -552,6 +552,7 @@ static void do_caps(enum cap_type type, const char *caps)
+ static void parse_securebits(struct privctx *opts, const char *arg)
+ {
+ 	char *buf = xstrdup(arg);
++	char *source_buf = buf;
+ 	char *c;
+ 
+ 	opts->have_securebits = 1;
+@@ -605,7 +606,7 @@ static void parse_securebits(struct privctx *opts, const char *arg)
+ 
+ 	opts->securebits |= SECBIT_KEEP_CAPS;	/* We need it, and it's reset on exec */
+ 
+-	free(buf);
++	free(source_buf);
+ }
+ 
+ static void do_selinux_label(const char *label)
+-- 
+2.43.0
+

backport-wall-fix-possible-memory-leak.patch

@@ -0,0 +1,38 @@
+From 828f6506b488a67d26ea8b7c50042a505c450b79 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Mon, 29 Apr 2024 15:25:58 +0200
+Subject: [PATCH] wall: fix possible memory leak
+
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ term-utils/wall.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/term-utils/wall.c b/term-utils/wall.c
+index 1e7e9ab..cc39bdc 100644
+--- a/term-utils/wall.c
++++ b/term-utils/wall.c
+@@ -284,10 +284,10 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ 
+ 	if (print_banner == TRUE) {
+ 		char *hostname = xgethostname();
+-		char *whom, *where, date[CTIME_BUFSIZ];
++		char *whombuf, *whom, *where, date[CTIME_BUFSIZ];
+ 		time_t now;
+ 
+-		whom = xgetlogin();
++		whombuf = whom = xgetlogin();
+ 		if (!whom) {
+ 			whom = "<someone>";
+ 			warn(_("cannot get passwd uid"));
+@@ -318,6 +318,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ 				whom, hostname, where, date);
+ 		fprintf(fs, "%-*.*s\007\007\r\n", TERM_WIDTH, TERM_WIDTH, lbuf);
+ 		free(hostname);
++		free(whombuf);
+ 	}
+ 	fprintf(fs, "%*s\r\n", TERM_WIDTH, " ");
+ 
+-- 
+2.43.0
+

util-linux.spec

@@ -3,7 +3,7 @@
 
 Name:           util-linux
 Version:        2.39.1
-Release:        14
+Release:        15
 Summary:        A random collection of Linux utilities
 License:        GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
 URL:            https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@@ -38,6 +38,10 @@ Patch6016:      backport-libmount-improve-mnt_table_next_child_fs.patch
 Patch6017:      backport-libmount-make-sure-option-is-used-as-string.patch
 Patch6018:      backport-libmount-fix-possible-memory-leak.patch
 Patch6019:      backport-libmount-Fix-atime-remount-for-new-API.patch
+Patch6020:      backport-sys-utils-setpriv-fix-potential-memory-leak.patch
+Patch6021:      backport-sys-utils-save_adjtime-fix-memory-leak.patch
+Patch6022:      backport-wall-fix-possible-memory-leak.patch
+Patch6023:      backport-suL-fix-use-after-free-on-error.patch
 
 Patch9000:      SKIPPED-no-root-permissions-test.patch
 Patch9001:      util-linux-Add-sw64-architecture.patch
@@ -419,6 +423,16 @@ fi
 %endif
 
 %changelog
+* Mon Dec 09 2024 zhangyao <zhangyao108@huawei.com> - 2.39.1-15
+- Type: bugfix
+- CVE: NA
+- SUG: NA
+- DESC: backport community patches
+        backport-sys-utils-setpriv-fix-potential-memory-leak.patch
+        backport-sys-utils-save_adjtime-fix-memory-leak.patch
+        backport-wall-fix-possible-memory-leak.patch
+        backport-suL-fix-use-after-free-on-error.patch
+
 * Thu Nov 28 2024 Wenlong Zhang <zhangwenlong@loongson.cn> - 2.39.1-14
 - Type:enhancement
 - CVE: NA