michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 6 months ago
Clone
Richard Phibel 7a6603
From 937f9bc67b905851c78719d8397926eaa97b174a Mon Sep 17 00:00:00 2001
Richard Phibel 7a6603
From: Richard Phibel <richardphibel@meta.com>
Richard Phibel 7a6603
Date: Mon, 22 May 2023 05:16:51 +0200
Richard Phibel 7a6603
Subject: [PATCH] Fix stack overflow
Richard Phibel 7a6603
Richard Phibel 7a6603
Creation of array struct digestoffset offsets[rpmfiFC(fi)] caused a
Richard Phibel 7a6603
stack overflow because the total size is greater than 8M which is the
Richard Phibel 7a6603
stack size limit on Linux. To fix the issue, the array is allocated on
Richard Phibel 7a6603
the heap.
Richard Phibel 7a6603
Richard Phibel 7a6603
I used AddressSanitizer to find the root cause of the issue. It found a
Richard Phibel 7a6603
number of memory leaks so I fixed them as well.
Richard Phibel 7a6603
---
Richard Phibel 7a6603
 rpm2extents.c | 15 +++++++++++----
Richard Phibel 7a6603
 1 file changed, 11 insertions(+), 4 deletions(-)
Richard Phibel 7a6603
Richard Phibel 7a6603
diff --git a/rpm2extents.c b/rpm2extents.c
Richard Phibel 7a6603
index c2a373914..0ee8666fa 100644
Richard Phibel 7a6603
--- a/rpm2extents.c
Richard Phibel 7a6603
+++ b/rpm2extents.c
Richard Phibel 7a6603
@@ -226,6 +226,7 @@ exit:
Richard Phibel 7a6603
     if(msg) {
Richard Phibel 7a6603
 	free(msg);
Richard Phibel 7a6603
     }
Richard Phibel 7a6603
+    rpmtsFree(ts);
Richard Phibel 7a6603
     return rc;
Richard Phibel 7a6603
 }
Richard Phibel 7a6603
 
Richard Phibel 7a6603
@@ -243,6 +244,7 @@ static void sanitizeSignatureHeader(Header * sigh)
Richard Phibel 7a6603
 	*sigh = headerLink(nh);
Richard Phibel 7a6603
 	headerFree(nh);
Richard Phibel 7a6603
     }
Richard Phibel 7a6603
+    rpmtdFreeData(&td);
Richard Phibel 7a6603
 }
Richard Phibel 7a6603
 
Richard Phibel 7a6603
 static rpmRC process_package(FD_t fdi, FD_t digestori, FD_t validationi)
Richard Phibel 7a6603
@@ -281,6 +283,8 @@ static rpmRC process_package(FD_t fdi, FD_t digestori, FD_t validationi)
Richard Phibel 7a6603
     rpmfiles files = NULL;
Richard Phibel 7a6603
     rpmfi fi = NULL;
Richard Phibel 7a6603
     char *msg = NULL;
Richard Phibel 7a6603
+    struct digestoffset *offsets = NULL;
Richard Phibel 7a6603
+    digestSet ds = NULL;
Richard Phibel 7a6603
 
Richard Phibel 7a6603
     fdo = fdDup(STDOUT_FILENO);
Richard Phibel 7a6603
 
Richard Phibel 7a6603
@@ -357,10 +361,8 @@ static rpmRC process_package(FD_t fdi, FD_t digestori, FD_t validationi)
Richard Phibel 7a6603
 	 * now?)
Richard Phibel 7a6603
 	 */
Richard Phibel 7a6603
 	diglen = (uint32_t) rpmDigestLength(rpmfiDigestAlgo(fi));
Richard Phibel 7a6603
-	digestSet ds =
Richard Phibel 7a6603
-	    digestSetCreate(rpmfiFC(fi), digestSetHash, digestSetCmp,
Richard Phibel 7a6603
-			    NULL);
Richard Phibel 7a6603
-	struct digestoffset offsets[rpmfiFC(fi)];
Richard Phibel 7a6603
+	ds = digestSetCreate(rpmfiFC(fi), digestSetHash, digestSetCmp, NULL);
Richard Phibel 7a6603
+	offsets = xcalloc(rpmfiFC(fi), sizeof(*offsets));
Richard Phibel 7a6603
 	pos = RPMLEAD_SIZE + headerSizeof(sigh, HEADER_MAGIC_YES);
Richard Phibel 7a6603
 
Richard Phibel 7a6603
 	/* main headers are aligned to 8 byte boundry */
Richard Phibel 7a6603
@@ -494,6 +496,10 @@ static rpmRC process_package(FD_t fdi, FD_t digestori, FD_t validationi)
Richard Phibel 7a6603
     rpmfilesFree(files);
Richard Phibel 7a6603
     rpmfiFree(fi);
Richard Phibel 7a6603
     headerFree(h);
Richard Phibel 7a6603
+    headerFree(sigh);
Richard Phibel 7a6603
+    free(offsets);
Richard Phibel 7a6603
+    Fclose(fdo);
Richard Phibel 7a6603
+    digestSetFree(ds);
Richard Phibel 7a6603
     return rc;
Richard Phibel 7a6603
 }
Richard Phibel 7a6603
 
Richard Phibel 7a6603
@@ -693,6 +699,7 @@ int main(int argc, char *argv[]) {
Richard Phibel 7a6603
 
Richard Phibel 7a6603
     FD_t fdi = fdDup(STDIN_FILENO);
Richard Phibel 7a6603
     rc = teeRpm(fdi, algos, nb_algos);
Richard Phibel 7a6603
+    Fclose(fdi);
Richard Phibel 7a6603
     if (rc != RPMRC_OK) {
Richard Phibel 7a6603
 	/* translate rpmRC into generic failure return code. */
Richard Phibel 7a6603
 	return EXIT_FAILURE;
Richard Phibel 7a6603
-- 
Richard Phibel 7a6603
2.40.1
Richard Phibel 7a6603