richardphibel / rpms / rpm

Forked from rpms/rpm 2 years ago
Clone
517f18
commit c7d7c5acd0c14d0450016887cba1d86483086794
517f18
Author: Michal Domonkos <mdomonko@redhat.com>
517f18
Date:   Mon Jun 21 10:05:10 2021 +0200
517f18
517f18
    Add quoting to literal curly brackets
517f18
    
517f18
    These curly brackets are already treated as literals by the shell, so
517f18
    let's make that explicit for clarity, and silence a ShellCheck warning
517f18
    at the same time.
517f18
    
517f18
    More info: https://github.com/koalaman/shellcheck/wiki/SC1083
517f18
    
517f18
    Found by ShellCheck.
517f18
517f18
diff -up rpm-4.16.1.3/scripts/check-rpaths-worker.orig rpm-4.16.1.3/scripts/check-rpaths-worker
517f18
--- rpm-4.16.1.3/scripts/check-rpaths-worker.orig	2021-06-29 15:34:31.671003589 +0200
517f18
+++ rpm-4.16.1.3/scripts/check-rpaths-worker	2021-06-29 15:34:51.993414093 +0200
517f18
@@ -120,13 +120,13 @@ for i; do
517f18
 	        (/lib64/*|/usr/lib64/*|/usr/X11R6/lib64/*|/usr/local/lib64/*)
517f18
 		    badness=0;;
517f18
 
517f18
-		(\$ORIGIN|\${ORIGINX}|\$ORIGIN/*|\${ORIGINX}/*)
517f18
+		(\$ORIGIN|\$\{ORIGINX\}|\$ORIGIN/*|\$\{ORIGINX\}/*)
517f18
 		    test $allow_ORIGIN -eq 0 && badness=8 || {
517f18
 			badness=0
517f18
 			new_allow_ORIGIN=1
517f18
 		    }
517f18
 		    ;;
517f18
-		(/*\$PLATFORM*|/*\${PLATFORM}*|/*\$LIB*|/*\${LIB}*)
517f18
+		(/*\$PLATFORM*|/*\$\{PLATFORM\}*|/*\$LIB*|/*\$\{LIB\}*)
517f18
 		    badness=0;;
517f18
 	    	
517f18
 	        (/lib|/usr/lib|/usr/X11R6/lib)
517f18
From d8dc4fd37b1d90cd97de7fcf484d449ec132c9b3 Mon Sep 17 00:00:00 2001
517f18
From: Michal Domonkos <mdomonko@redhat.com>
517f18
Date: Wed, 9 Jun 2021 21:31:40 +0200
517f18
Subject: [PATCH 1/7] Fix memory leak in sqlexec()
517f18
517f18
Callers are supposed to free the error strings themselves:
517f18
https://www.sqlite.org/capi3ref.html#sqlite3_exec
517f18
517f18
Found by Coverity.
517f18
---
517f18
 lib/backend/sqlite.c | 1 +
517f18
 1 file changed, 1 insertion(+)
517f18
517f18
diff --git a/lib/backend/sqlite.c b/lib/backend/sqlite.c
517f18
index 7c2de45aa..dbefeb163 100644
517f18
--- a/lib/backend/sqlite.c
517f18
+++ b/lib/backend/sqlite.c
517f18
@@ -233,6 +233,7 @@ static int sqlexec(sqlite3 *sdb, const char *fmt, ...)
517f18
 	rpmlog(RPMLOG_DEBUG, "%s: %d\n", cmd, rc);
517f18
 
517f18
     sqlite3_free(cmd);
517f18
+    sqlite3_free(err);
517f18
 
517f18
     return rc ? RPMRC_FAIL : RPMRC_OK;
517f18
 }
517f18
-- 
517f18
2.31.1
517f18
517f18
From 5baf73feb4951cc3b3f553a4b18d3b3599cbf87c Mon Sep 17 00:00:00 2001
517f18
From: Michal Domonkos <mdomonko@redhat.com>
517f18
Date: Fri, 25 Jun 2021 11:21:46 +0200
517f18
Subject: [PATCH 2/7] Always free the arg list passed to rpmGlob()
517f18
517f18
Even though the actual implementation of rpmGlob() does not allocate the
517f18
passed arg list (av) if the return code (rc) is non-zero or arg count
517f18
(ac) is 0, it's the responsibility of the caller (rpmInstall() here) to
517f18
free that memory, so make sure we do that irrespectively of the above
517f18
conditions.
517f18
517f18
Found by Coverity.
517f18
---
517f18
 lib/rpminstall.c | 1 +
517f18
 1 file changed, 1 insertion(+)
517f18
517f18
diff --git a/lib/rpminstall.c b/lib/rpminstall.c
517f18
index 724126e94..302ec0ba1 100644
517f18
--- a/lib/rpminstall.c
517f18
+++ b/lib/rpminstall.c
517f18
@@ -461,6 +461,7 @@ int rpmInstall(rpmts ts, struct rpmInstallArguments_s * ia, ARGV_t fileArgv)
517f18
 		rpmlog(RPMLOG_ERR, _("File not found by glob: %s\n"), *eiu->fnp);
517f18
 	    }
517f18
 	    eiu->numFailed++;
517f18
+	    argvFree(av);
517f18
 	    continue;
517f18
 	}
517f18
 
517f18
-- 
517f18
2.31.1
517f18
517f18
From 3c8b01b67ec907afaaffe71691fa41b878578527 Mon Sep 17 00:00:00 2001
517f18
From: Michal Domonkos <mdomonko@redhat.com>
517f18
Date: Mon, 14 Jun 2021 10:21:25 +0200
517f18
Subject: [PATCH 3/7] Fix resource leak in Fts_children()
517f18
517f18
This function is not used anywhere within our codebase (and neither is
517f18
it part of the public API) so it's basically a no-op... Still, rather
517f18
than yanking it completely, let's just silence the Coverity error here.
517f18
517f18
Found by Coverity.
517f18
---
517f18
 misc/fts.c | 4 +++-
517f18
 1 file changed, 3 insertions(+), 1 deletion(-)
517f18
517f18
diff --git a/misc/fts.c b/misc/fts.c
517f18
index d3ebb2946..caf27495d 100644
517f18
--- a/misc/fts.c
517f18
+++ b/misc/fts.c
517f18
@@ -585,8 +585,10 @@ Fts_children(FTS * sp, int instr)
517f18
 	if ((fd = __open(".", O_RDONLY, 0)) < 0)
517f18
 		return (NULL);
517f18
 	sp->fts_child = fts_build(sp, instr);
517f18
-	if (__fchdir(fd))
517f18
+	if (__fchdir(fd)) {
517f18
+		(void)__close(fd);
517f18
 		return (NULL);
517f18
+	}
517f18
 	(void)__close(fd);
517f18
 	return (sp->fts_child);
517f18
 }
517f18
-- 
517f18
2.31.1
517f18
517f18
From 39b7bf8579e0522cf16347b3a7e332d3b6d742c6 Mon Sep 17 00:00:00 2001
517f18
From: Michal Domonkos <mdomonko@redhat.com>
517f18
Date: Mon, 14 Jun 2021 12:34:23 +0200
517f18
Subject: [PATCH 4/7] Fix memory leak in fts_build()
517f18
517f18
Turns out this leak is already fixed in glibc's current version of fts.c
517f18
(where our copy originates from), so let's just backport that.
517f18
517f18
Original commit in glibc:
517f18
https://sourceware.org/git/?p=glibc.git;\
517f18
a=commit;h=db67c2c98b89a5723af44df54f38b779de8d4a65
517f18
517f18
Found by Coverity.
517f18
---
517f18
 misc/fts.c | 2 ++
517f18
 1 file changed, 2 insertions(+)
517f18
517f18
diff --git a/misc/fts.c b/misc/fts.c
517f18
index caf27495d..f7fce0eaa 100644
517f18
--- a/misc/fts.c
517f18
+++ b/misc/fts.c
517f18
@@ -855,6 +855,7 @@ mem1:				saved_errno = errno;
517f18
 	     fts_safe_changedir(sp, cur->fts_parent, -1, ".."))) {
517f18
 		cur->fts_info = FTS_ERR;
517f18
 		SET(FTS_STOP);
517f18
+		fts_lfree(head);
517f18
 		return (NULL);
517f18
 	}
517f18
 
517f18
@@ -862,6 +863,7 @@ mem1:				saved_errno = errno;
517f18
 	if (!nitems) {
517f18
 		if (type == BREAD)
517f18
 			cur->fts_info = FTS_DP;
517f18
+		fts_lfree(head);
517f18
 		return (NULL);
517f18
 	}
517f18
 
517f18
-- 
517f18
2.31.1
517f18
517f18
From 9c093c4f092dd6bd1e0c8d2b852a72b74db076c2 Mon Sep 17 00:00:00 2001
517f18
From: Michal Domonkos <mdomonko@redhat.com>
517f18
Date: Tue, 15 Jun 2021 13:34:21 +0200
517f18
Subject: [PATCH 5/7] Fix memory leak in decodePkts()
517f18
517f18
Found by Coverity.
517f18
---
517f18
 rpmio/rpmpgp.c | 6 +++++-
517f18
 1 file changed, 5 insertions(+), 1 deletion(-)
517f18
517f18
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
517f18
index c59185dce..ee5c81e24 100644
517f18
--- a/rpmio/rpmpgp.c
517f18
+++ b/rpmio/rpmpgp.c
517f18
@@ -1371,9 +1371,13 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
517f18
 	    crc = pgpCRC(dec, declen);
517f18
 	    if (crcpkt != crc) {
517f18
 		ec = PGPARMOR_ERR_CRC_CHECK;
517f18
+		_free(dec);
517f18
 		goto exit;
517f18
 	    }
517f18
-	    if (pkt) *pkt = dec;
517f18
+	    if (pkt)
517f18
+		*pkt = dec;
517f18
+	    else
517f18
+		_free(dec);
517f18
 	    if (pktlen) *pktlen = declen;
517f18
 	    ec = PGPARMOR_PUBKEY;	/* XXX ASCII Pubkeys only, please. */
517f18
 	    goto exit;
517f18
-- 
517f18
2.31.1
517f18
517f18
From 590b2fc06252567eb7d57197dc361a8b459d62a3 Mon Sep 17 00:00:00 2001
517f18
From: Michal Domonkos <mdomonko@redhat.com>
517f18
Date: Mon, 21 Jun 2021 17:51:14 +0200
517f18
Subject: [PATCH 6/7] Fix memory leak with multiple %lang-s in one line
517f18
517f18
We permit two equivalent forms of specifying a list of languages per
517f18
file:
517f18
517f18
  %lang(xx,yy,zz) /path/to/file
517f18
  %lang(xx) %lang(yy) %lang(zz) /path/to/file
517f18
517f18
The leak was when parsing the second form.
517f18
517f18
Found by Coverity.
517f18
---
517f18
 build/files.c | 2 ++
517f18
 1 file changed, 2 insertions(+)
517f18
517f18
diff --git a/build/files.c b/build/files.c
517f18
index f8153ad2b..0c8859f6c 100644
517f18
--- a/build/files.c
517f18
+++ b/build/files.c
517f18
@@ -777,6 +777,8 @@ static rpmRC parseForLang(char * buf, FileEntry cur)
517f18
 
517f18
 	if (*pe == ',') pe++;	/* skip , if present */
517f18
     }
517f18
+
517f18
+    q = _free(q);
517f18
   }
517f18
 
517f18
     rc = RPMRC_OK;
517f18
-- 
517f18
2.31.1
517f18
517f18
From b7a1e996326ee29a163d67ceb1e6127fdc251c14 Mon Sep 17 00:00:00 2001
517f18
From: Michal Domonkos <mdomonko@redhat.com>
517f18
Date: Fri, 25 Jun 2021 15:15:08 +0200
517f18
Subject: [PATCH 7/7] Fix memory leaks in Lua rex extension
517f18
517f18
This covers the following usage:
517f18
517f18
expr = rex.newPOSIX(<regex>)
517f18
expr:match(<string>)           # A leak occurred here
517f18
expr:gmatch(<string>, <func>)  # A leak occurred here
517f18
517f18
Found by Coverity.
517f18
---
517f18
 luaext/lrexlib.c | 9 ++++++---
517f18
 1 file changed, 6 insertions(+), 3 deletions(-)
517f18
517f18
diff --git a/luaext/lrexlib.c b/luaext/lrexlib.c
517f18
index 09c5a6454..0f29b6371 100644
517f18
--- a/luaext/lrexlib.c
517f18
+++ b/luaext/lrexlib.c
517f18
@@ -80,6 +80,7 @@ static void rex_push_matches(lua_State *L, const char *text, regmatch_t *match,
517f18
 
517f18
 static int rex_match(lua_State *L)
517f18
 {
517f18
+  int rc = 0;
517f18
   int res;
517f18
 #ifdef REG_BASIC
517f18
   size_t len;
517f18
@@ -109,9 +110,10 @@ static int rex_match(lua_State *L)
517f18
     lua_pushstring(L, "n");
517f18
     lua_pushnumber(L, ncapt);
517f18
     lua_rawset(L, -3);
517f18
-    return 3;
517f18
-  } else
517f18
-    return 0;
517f18
+    rc = 3;
517f18
+  }
517f18
+  free(match);
517f18
+  return rc;
517f18
 }
517f18
 
517f18
 static int rex_gmatch(lua_State *L)
517f18
@@ -158,6 +160,7 @@ static int rex_gmatch(lua_State *L)
517f18
       break;
517f18
   }
517f18
   lua_pushnumber(L, nmatch);
517f18
+  free(match);
517f18
   return 1;
517f18
 }
517f18
 
517f18
-- 
517f18
2.31.1
517f18
517f18
commit 9747a6af016a3458d54fe060777c95e3900b5fa4
517f18
Author: Demi Marie Obenour <athena@invisiblethingslab.com>
517f18
Date:   Tue Mar 2 12:47:29 2021 -0500
517f18
517f18
    Fix a tiny memory leak
517f18
    
517f18
    Found by fuzzing rpmReadPackageFile() with libfuzzer under ASAN.
517f18
517f18
diff --git a/lib/headerutil.c b/lib/headerutil.c
517f18
index 22e36c74d..fab210ff2 100644
517f18
--- a/lib/headerutil.c
517f18
+++ b/lib/headerutil.c
517f18
@@ -333,8 +333,10 @@ static void providePackageNVR(Header h)
517f18
     rpmds hds, nvrds;
517f18
 
517f18
     /* Generate provides for this package name-version-release. */
517f18
-    if (!(name && pEVR))
517f18
+    if (!(name && pEVR)) {
517f18
+	free(pEVR);
517f18
 	return;
517f18
+    }
517f18
 
517f18
     /*
517f18
      * Rpm prior to 3.0.3 does not have versioned provides.
517f18
commit cb2ae4bdf2f60876fdc68e3f84938e9c37182fab
517f18
Author: Igor Gnatenko <i.gnatenko.brain@gmail.com>
517f18
Date:   Tue Feb 6 14:50:27 2018 +0100
517f18
517f18
    lua: fix memory leak in Pexec()
517f18
    
517f18
    Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
517f18
517f18
diff --git a/luaext/lposix.c b/luaext/lposix.c
517f18
index 5d7ad3c87..2730bcff7 100644
517f18
--- a/luaext/lposix.c
517f18
+++ b/luaext/lposix.c
517f18
@@ -348,6 +348,7 @@ static int Pexec(lua_State *L)			/** exec(path,[args]) */
517f18
 	for (i=1; i
517f18
 	argv[i] = NULL;
517f18
 	execvp(path,argv);
517f18
+	free(argv);
517f18
 	return pusherror(L, path);
517f18
 }