packages/util-linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!313 util-linux: fix memory leak and UAF

Browse Source 
From: @zhang-yao-2022 
Reviewed-by: @jiayi0118 
Signed-off-by: @jiayi0118
This commit is contained in:
openeuler-ci-bot 2024-12-10 01:41:10 +00:00 committed by Gitee
commit f8951a461a
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 160 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
backport-suL-fix-use-after-free-on-error.patch Normal file
View File

@ -0,0 +1,30 @@
From 3b01374845f8bbe29ef945b866f679555b28cd38 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 30 Apr 2024 10:51:50 +0200
Subject: [PATCH] suL fix use after free on error
Signed-off-by: Karel Zak <kzak@redhat.com>
---
login-utils/su-common.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index b674920..35950ce 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -446,9 +446,10 @@ static void supam_open_session(struct su_context *su)
rc = pam_open_session(su->pamh, 0);
if (is_pam_failure(rc)) {
+ const char *msg = pam_strerror(su->pamh, rc);
+
supam_cleanup(su, rc);
- errx(EXIT_FAILURE, _("cannot open session: %s"),
- pam_strerror(su->pamh, rc));
+ errx(EXIT_FAILURE, _("cannot open session: %s"), msg);
} else
su->pam_has_session = 1;
}
--
2.43.0

40
backport-sys-utils-save_adjtime-fix-memory-leak.patch Normal file
View File

@ -0,0 +1,40 @@
From 4e4fd6a5fc84b8dc172e1ea67b28064c67376d1a Mon Sep 17 00:00:00 2001
From: Maks Mishin <maks.mishinFZ@gmail.com>
Date: Thu, 17 Oct 2024 07:14:26 +0300
Subject: [PATCH] sys-utils: (save_adjtime): fix memory leak
Dynamic memory, referenced by 'content', is allocated by calling function 'xasprintf'
and lost when function returns.
Found by the static analyzer Svace.
---
sys-utils/hwclock.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sys-utils/hwclock.c b/sys-utils/hwclock.c
index 87228b5..1318c13 100644
--- a/sys-utils/hwclock.c
+++ b/sys-utils/hwclock.c
@@ -910,6 +910,7 @@ static int save_adjtime(const struct hwclock_control *ctl,
fp = fopen(ctl->adj_file_name, "w");
if (fp == NULL) {
warn(_("cannot open %s"), ctl->adj_file_name);
+ free(content);
return EXIT_FAILURE;
}
@@ -918,9 +919,11 @@ static int save_adjtime(const struct hwclock_control *ctl,
if (rc) {
warn(_("cannot update %s"), ctl->adj_file_name);
+ free(content);
return EXIT_FAILURE;
}
}
+ free(content);
return EXIT_SUCCESS;
}
--
2.43.0

37
backport-sys-utils-setpriv-fix-potential-memory-leak.patch Normal file
View File

@ -0,0 +1,37 @@
From 8f15d94a21cbc6886bdf2474e6e1bb507cab1149 Mon Sep 17 00:00:00 2001
From: Maks Mishin <maks.mishinFZ@gmail.com>
Date: Thu, 10 Oct 2024 20:23:49 +0300
Subject: [PATCH] sys-utils: (setpriv): fix potential memory leak
Dynamic memory, referenced by 'buf' is allocated by calling function 'xstrdup'
add then changed by calling of strsep function.
The free(buf) call is incorrect if buf != NULL, and points to some
place inside or outside the source string.
---
sys-utils/setpriv.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c
index ddc2cc6..44731fd 100644
--- a/sys-utils/setpriv.c
+++ b/sys-utils/setpriv.c
@@ -552,6 +552,7 @@ static void do_caps(enum cap_type type, const char *caps)
static void parse_securebits(struct privctx *opts, const char *arg)
{
char *buf = xstrdup(arg);
+ char *source_buf = buf;
char *c;
opts->have_securebits = 1;
@@ -605,7 +606,7 @@ static void parse_securebits(struct privctx *opts, const char *arg)
opts->securebits |= SECBIT_KEEP_CAPS; /* We need it, and it's reset on exec */
- free(buf);
+ free(source_buf);
}
static void do_selinux_label(const char *label)
--
2.43.0

38
backport-wall-fix-possible-memory-leak.patch Normal file
View File

@ -0,0 +1,38 @@
From 828f6506b488a67d26ea8b7c50042a505c450b79 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 29 Apr 2024 15:25:58 +0200
Subject: [PATCH] wall: fix possible memory leak
Signed-off-by: Karel Zak <kzak@redhat.com>
---
term-utils/wall.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/term-utils/wall.c b/term-utils/wall.c
index 1e7e9ab..cc39bdc 100644
--- a/term-utils/wall.c
+++ b/term-utils/wall.c
@@ -284,10 +284,10 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
if (print_banner == TRUE) {
char *hostname = xgethostname();
- char *whom, *where, date[CTIME_BUFSIZ];
+ char *whombuf, *whom, *where, date[CTIME_BUFSIZ];
time_t now;
- whom = xgetlogin();
+ whombuf = whom = xgetlogin();
if (!whom) {
whom = "<someone>";
warn(_("cannot get passwd uid"));
@@ -318,6 +318,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
whom, hostname, where, date);
fprintf(fs, "%-*.*s\007\007\r\n", TERM_WIDTH, TERM_WIDTH, lbuf);
free(hostname);
+ free(whombuf);
}
fprintf(fs, "%*s\r\n", TERM_WIDTH, " ");
--
2.43.0

16
util-linux.spec
View File

@ -3,7 +3,7 @@
Name: util-linux Name: util-linux
Version: 2.39.1 Version: 2.39.1
Release: 14 Release: 15
Summary: A random collection of Linux utilities Summary: A random collection of Linux utilities
License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@ -38,6 +38,10 @@ Patch6016: backport-libmount-improve-mnt_table_next_child_fs.patch
Patch6017: backport-libmount-make-sure-option-is-used-as-string.patch Patch6017: backport-libmount-make-sure-option-is-used-as-string.patch
Patch6018: backport-libmount-fix-possible-memory-leak.patch Patch6018: backport-libmount-fix-possible-memory-leak.patch
Patch6019: backport-libmount-Fix-atime-remount-for-new-API.patch Patch6019: backport-libmount-Fix-atime-remount-for-new-API.patch
Patch6020: backport-sys-utils-setpriv-fix-potential-memory-leak.patch
Patch6021: backport-sys-utils-save_adjtime-fix-memory-leak.patch
Patch6022: backport-wall-fix-possible-memory-leak.patch
Patch6023: backport-suL-fix-use-after-free-on-error.patch
Patch9000: SKIPPED-no-root-permissions-test.patch Patch9000: SKIPPED-no-root-permissions-test.patch
Patch9001: util-linux-Add-sw64-architecture.patch Patch9001: util-linux-Add-sw64-architecture.patch
@ -419,6 +423,16 @@ fi
%endif %endif
%changelog %changelog
* Mon Dec 09 2024 zhangyao <zhangyao108@huawei.com> - 2.39.1-15
- Type: bugfix
- CVE: NA
- SUG: NA
- DESC: backport community patches
backport-sys-utils-setpriv-fix-potential-memory-leak.patch
backport-sys-utils-save_adjtime-fix-memory-leak.patch
backport-wall-fix-possible-memory-leak.patch
backport-suL-fix-use-after-free-on-error.patch
* Thu Nov 28 2024 Wenlong Zhang <zhangwenlong@loongson.cn> - 2.39.1-14 * Thu Nov 28 2024 Wenlong Zhang <zhangwenlong@loongson.cn> - 2.39.1-14
- Type:enhancement - Type:enhancement
- CVE: NA - CVE: NA