
Blame SOURCES/rpm-4.14.3-imp-covscan-fixes.patch

00810b
commit c7d7c5acd0c14d0450016887cba1d86483086794
00810b
Author: Michal Domonkos <mdomonko@redhat.com>
00810b
Date:   Mon Jun 21 10:05:10 2021 +0200
00810b
00810b
    Add quoting to literal curly brackets
00810b
    
00810b
    These curly brackets are already treated as literals by the shell, so
00810b
    let's make that explicit for clarity, and silence a ShellCheck warning
00810b
    at the same time.
00810b
    
00810b
    More info: https://github.com/koalaman/shellcheck/wiki/SC1083
00810b
    
00810b
    Found by ShellCheck.
00810b
00810b
diff -up rpm-4.16.1.3/scripts/check-rpaths-worker.orig rpm-4.16.1.3/scripts/check-rpaths-worker
00810b
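--- rpm-4.16.1.3/scripts/check-rpaths-worker.orig	2021-06-29 15:34:31.671003589 +0200
+++ rpm-4.16.1.3/scripts/check-rpaths-worker	2021-06-29 15:34:51.993414093 +0200
@@ -120,13 +120,13 @@ for i; do
 	        (/lib64/*|/usr/lib64/*|/usr/X11R6/lib64/*|/usr/local/lib64/*)
 		    badness=0;;
 
-		(\$ORIGIN|\${ORIGINX}|\$ORIGIN/*|\${ORIGINX}/*)
+		(\$ORIGIN|\$\{ORIGINX\}|\$ORIGIN/*|\$\{ORIGINX\}/*)
 		    test $allow_ORIGIN -eq 0 && badness=8 || {
 			badness=0
 			new_allow_ORIGIN=1
 		    }
 		    ;;
-		(/*\$PLATFORM*|/*\${PLATFORM}*|/*\$LIB*|/*\${LIB}*)
+		(/*\$PLATFORM*|/*\$\{PLATFORM\}*|/*\$LIB*|/*\$\{LIB\}*)
 		    badness=0;;
 	    	
 	        (/lib|/usr/lib|/usr/X11R6/lib)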
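Review bot: The braced alternatives in the first changed pattern match the literal text `${ORIGINX}`, not `${ORIGIN}`, so an RPATH written as `${ORIGIN}/...` does not take the `allow_ORIGIN` branch and is classified by whichever later case matches. The quoting change carries the trailing `X` over unchanged from the old line, so it may be deliberate, but nothing visible in the hunk explains it. If it is a typo the pattern should read `(\$ORIGIN|\$\{ORIGIN\}|\$ORIGIN/*|\$\{ORIGIN\}/*)`; if it is intended, a one-line comment above the pattern saying why would help. The enclosing `case` statement starts and ends outside the hunk.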
00810b
From d8dc4fd37b1d90cd97de7fcf484d449ec132c9b3 Mon Sep 17 00:00:00 2001
00810b
From: Michal Domonkos <mdomonko@redhat.com>
00810b
Date: Wed, 9 Jun 2021 21:31:40 +0200
00810b
Subject: [PATCH 1/7] Fix memory leak in sqlexec()
00810b
00810b
Callers are supposed to free the error strings themselves:
00810b
https://www.sqlite.org/capi3ref.html#sqlite3_exec
00810b
00810b
Found by Coverity.
00810b
---
00810b
 lib/backend/sqlite.c | 1 +
00810b
 1 file changed, 1 insertion(+)
00810b
00810b
diff --git a/lib/backend/sqlite.c b/lib/backend/sqlite.c
00810b
index 7c2de45aa..dbefeb163 100644
00810b
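--- a/lib/backend/sqlite.c
+++ b/lib/backend/sqlite.c
@@ -233,6 +233,7 @@ static int sqlexec(sqlite3 *sdb, const char *fmt, ...)
 	rpmlog(RPMLOG_DEBUG, "%s: %d\n", cmd, rc);
 
     sqlite3_free(cmd);
+    sqlite3_free(err);
 
     return rc ? RPMRC_FAIL : RPMRC_OK;
 }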
00810b
-- 
00810b
2.31.1
00810b
00810b
From 5baf73feb4951cc3b3f553a4b18d3b3599cbf87c Mon Sep 17 00:00:00 2001
00810b
From: Michal Domonkos <mdomonko@redhat.com>
00810b
Date: Fri, 25 Jun 2021 11:21:46 +0200
00810b
Subject: [PATCH 2/7] Always free the arg list passed to rpmGlob()
00810b
00810b
Even though the actual implementation of rpmGlob() does not allocate the
00810b
passed arg list (av) if the return code (rc) is non-zero or arg count
00810b
(ac) is 0, it's the responsibility of the caller (rpmInstall() here) to
00810b
free that memory, so make sure we do that irrespectively of the above
00810b
conditions.
00810b
00810b
Found by Coverity.
00810b
---
00810b
 lib/rpminstall.c | 1 +
00810b
 1 file changed, 1 insertion(+)
00810b
00810b
diff --git a/lib/rpminstall.c b/lib/rpminstall.c
00810b
index 724126e94..302ec0ba1 100644
00810b
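--- a/lib/rpminstall.c
+++ b/lib/rpminstall.c
@@ -461,6 +461,7 @@ int rpmInstall(rpmts ts, struct rpmInstallArguments_s * ia, ARGV_t fileArgv)
 		rpmlog(RPMLOG_ERR, _("File not found by glob: %s\n"), *eiu->fnp);
 	    }
 	    eiu->numFailed++;
+	    argvFree(av);
 	    continue;
 	}
 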
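Review bot: `argvFree(av)` on this failure branch is only safe if `av` is NULL or freshly allocated each time the branch is reached, and the declaration and the `rpmGlob()` call are outside the hunk, so that cannot be confirmed here. The commit message itself says rpmGlob() does not allocate `av` when `rc` is non-zero or `ac` is 0, so a pointer left over from an earlier loop iteration would be freed a second time. If `av` is not already reset per iteration, write the added line as `av = argvFree(av);` and make sure `av = NULL;` precedes the `rpmGlob()` call.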
00810b
-- 
00810b
2.31.1
00810b
00810b
From 3c8b01b67ec907afaaffe71691fa41b878578527 Mon Sep 17 00:00:00 2001
00810b
From: Michal Domonkos <mdomonko@redhat.com>
00810b
Date: Mon, 14 Jun 2021 10:21:25 +0200
00810b
Subject: [PATCH 3/7] Fix resource leak in Fts_children()
00810b
00810b
This function is not used anywhere within our codebase (and neither is
00810b
it part of the public API) so it's basically a no-op... Still, rather
00810b
than yanking it completely, let's just silence the Coverity error here.
00810b
00810b
Found by Coverity.
00810b
---
00810b
 misc/fts.c | 4 +++-
00810b
 1 file changed, 3 insertions(+), 1 deletion(-)
00810b
00810b
diff --git a/misc/fts.c b/misc/fts.c
00810b
index d3ebb2946..caf27495d 100644
00810b
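--- a/misc/fts.c
+++ b/misc/fts.c
@@ -585,8 +585,10 @@ Fts_children(FTS * sp, int instr)
 	if ((fd = __open(".", O_RDONLY, 0)) < 0)
 		return (NULL);
 	sp->fts_child = fts_build(sp, instr);
-	if (__fchdir(fd))
+	if (__fchdir(fd)) {
+		(void)__close(fd);
 		return (NULL);
+	}
 	(void)__close(fd);
 	return (sp->fts_child);
 }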
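Review bot: The added `(void)__close(fd);` runs between the failed `__fchdir()` and `return (NULL)`, so a close that also fails can overwrite the errno that explains why the original directory could not be restored. Preserving it keeps the real cause visible to the caller: `int saved_errno = errno; (void)__close(fd); errno = saved_errno;`. The start of Fts_children() is outside the hunk, so whether a suitable local already exists there is not visible.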
00810b
-- 
00810b
2.31.1
00810b
00810b
From 39b7bf8579e0522cf16347b3a7e332d3b6d742c6 Mon Sep 17 00:00:00 2001
00810b
From: Michal Domonkos <mdomonko@redhat.com>
00810b
Date: Mon, 14 Jun 2021 12:34:23 +0200
00810b
Subject: [PATCH 4/7] Fix memory leak in fts_build()
00810b
00810b
Turns out this leak is already fixed in glibc's current version of fts.c
00810b
(where our copy originates from), so let's just backport that.
00810b
00810b
Original commit in glibc:
00810b
https://sourceware.org/git/?p=glibc.git;\
00810b
a=commit;h=db67c2c98b89a5723af44df54f38b779de8d4a65
00810b
00810b
Found by Coverity.
00810b
---
00810b
 misc/fts.c | 2 ++
00810b
 1 file changed, 2 insertions(+)
00810b
00810b
diff --git a/misc/fts.c b/misc/fts.c
00810b
index caf27495d..f7fce0eaa 100644
00810b
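--- a/misc/fts.c
+++ b/misc/fts.c
@@ -855,6 +855,7 @@ mem1:				saved_errno = errno;
 	     fts_safe_changedir(sp, cur->fts_parent, -1, ".."))) {
 		cur->fts_info = FTS_ERR;
 		SET(FTS_STOP);
+		fts_lfree(head);
 		return (NULL);
 	}
 
@@ -862,6 +863,7 @@ mem1:				saved_errno = errno;
 	if (!nitems) {
 		if (type == BREAD)
 			cur->fts_info = FTS_DP;
+		fts_lfree(head);
 		return (NULL);
 	}
 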
00810b
-- 
00810b
2.31.1
00810b
00810b
From 9c093c4f092dd6bd1e0c8d2b852a72b74db076c2 Mon Sep 17 00:00:00 2001
00810b
From: Michal Domonkos <mdomonko@redhat.com>
00810b
Date: Tue, 15 Jun 2021 13:34:21 +0200
00810b
Subject: [PATCH 5/7] Fix memory leak in decodePkts()
00810b
00810b
Found by Coverity.
00810b
---
00810b
 rpmio/rpmpgp.c | 6 +++++-
00810b
 1 file changed, 5 insertions(+), 1 deletion(-)
00810b
00810b
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
00810b
index c59185dce..ee5c81e24 100644
00810b
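--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
@@ -1371,9 +1371,13 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
 	    crc = pgpCRC(dec, declen);
 	    if (crcpkt != crc) {
 		ec = PGPARMOR_ERR_CRC_CHECK;
+		_free(dec);
 		goto exit;
 	    }
-	    if (pkt) *pkt = dec;
+	    if (pkt)
+		*pkt = dec;
+	    else
+		_free(dec);
 	    if (pktlen) *pktlen = declen;
 	    ec = PGPARMOR_PUBKEY;	/* XXX ASCII Pubkeys only, please. */
 	    goto exit;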
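Review bot: Both added `_free(dec);` calls leave `dec` holding the freed address while control jumps to `exit`, whose body is outside the hunk. Assigning the result back, as the parseForLang() change in this same series does with `q = _free(q);`, means any later cleanup or reuse of `dec` sees NULL instead of a dangling pointer: use `dec = _free(dec);` in both places. That is worth the extra token in a function that decodes ASCII-armored key data, where a stale pointer on an error path is the kind of defect that turns into a double free.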
00810b
-- 
00810b
2.31.1
00810b
00810b
From 590b2fc06252567eb7d57197dc361a8b459d62a3 Mon Sep 17 00:00:00 2001
00810b
From: Michal Domonkos <mdomonko@redhat.com>
00810b
Date: Mon, 21 Jun 2021 17:51:14 +0200
00810b
Subject: [PATCH 6/7] Fix memory leak with multiple %lang-s in one line
00810b
00810b
We permit two equivalent forms of specifying a list of languages per
00810b
file:
00810b
00810b
  %lang(xx,yy,zz) /path/to/file
00810b
  %lang(xx) %lang(yy) %lang(zz) /path/to/file
00810b
00810b
The leak was when parsing the second form.
00810b
00810b
Found by Coverity.
00810b
---
00810b
 build/files.c | 2 ++
00810b
 1 file changed, 2 insertions(+)
00810b
00810b
diff --git a/build/files.c b/build/files.c
00810b
index f8153ad2b..0c8859f6c 100644
00810b
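--- a/build/files.c
+++ b/build/files.c
@@ -777,6 +777,8 @@ static rpmRC parseForLang(char * buf, FileEntry cur)
 
 	if (*pe == ',') pe++;	/* skip , if present */
     }
+
+    q = _free(q);
   }
 
     rc = RPMRC_OK;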
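Review bot: The new `q = _free(q);` sits at the bottom of the outer loop body, so it only covers iterations that run to completion; any early exit from inside the loop (most of the loop body is outside the hunk) still relies on the cleanup after `rc = RPMRC_OK;` to release the current copy. It is worth confirming that the exit path frees `q`, which the NULL assignment here makes safe to do unconditionally. A short comment on the added line, for example `/* release this %lang() copy before scanning for the next one */`, would record why the free belongs inside the loop.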
00810b
-- 
00810b
2.31.1
00810b
00810b
From b7a1e996326ee29a163d67ceb1e6127fdc251c14 Mon Sep 17 00:00:00 2001
00810b
From: Michal Domonkos <mdomonko@redhat.com>
00810b
Date: Fri, 25 Jun 2021 15:15:08 +0200
00810b
Subject: [PATCH 7/7] Fix memory leaks in Lua rex extension
00810b
00810b
This covers the following usage:
00810b
00810b
expr = rex.newPOSIX(<regex>)
00810b
expr:match(<string>)           # A leak occurred here
00810b
expr:gmatch(<string>, <func>)  # A leak occurred here
00810b
00810b
Found by Coverity.
00810b
---
00810b
 luaext/lrexlib.c | 9 ++++++---
00810b
 1 file changed, 6 insertions(+), 3 deletions(-)
00810b
00810b
diff --git a/luaext/lrexlib.c b/luaext/lrexlib.c
00810b
index 09c5a6454..0f29b6371 100644
00810b
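--- a/luaext/lrexlib.c
+++ b/luaext/lrexlib.c
@@ -80,6 +80,7 @@ static void rex_push_matches(lua_State *L, const char *text, regmatch_t *match,
 
 static int rex_match(lua_State *L)
 {
+  int rc = 0;
   int res;
 #ifdef REG_BASIC
   size_t len;
@@ -109,9 +110,10 @@ static int rex_match(lua_State *L)
     lua_pushstring(L, "n");
     lua_pushnumber(L, ncapt);
     lua_rawset(L, -3);
-    return 3;
-  } else
-    return 0;
+    rc = 3;
+  }
+  free(match);
+  return rc;
 }
 
 static int rex_gmatch(lua_State *L)
@@ -158,6 +160,7 @@ static int rex_gmatch(lua_State *L)
       break;
   }
   lua_pushnumber(L, nmatch);
+  free(match);
   return 1;
 }
 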
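Review bot: The added `free(match)` calls run only when rex_match() and rex_gmatch() return normally, so `match` still leaks whenever a Lua API call between the allocation and the free raises an error and unwinds past it. In rex_match() the visible `lua_pushstring()` and `lua_rawset()` can do that on allocation failure, and in rex_gmatch() the callback named in the commit message (invoked outside the hunk) can presumably raise as well. Allocating the array with `lua_newuserdata()` would hand ownership to the garbage collector and cover those paths. Failing that, a comment at each `free(match)` stating that error unwinds bypass it would record the limitation.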
00810b
-- 
00810b
2.31.1
00810b
00810b
commit 9747a6af016a3458d54fe060777c95e3900b5fa4
00810b
Author: Demi Marie Obenour <athena@invisiblethingslab.com>
00810b
Date:   Tue Mar 2 12:47:29 2021 -0500
00810b
00810b
    Fix a tiny memory leak
00810b
    
00810b
    Found by fuzzing rpmReadPackageFile() with libfuzzer under ASAN.
00810b
00810b
diff --git a/lib/headerutil.c b/lib/headerutil.c
00810b
index 22e36c74d..fab210ff2 100644
00810b
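--- a/lib/headerutil.c
+++ b/lib/headerutil.c
@@ -333,8 +333,10 @@ static void providePackageNVR(Header h)
     rpmds hds, nvrds;
 
     /* Generate provides for this package name-version-release. */
-    if (!(name && pEVR))
+    if (!(name && pEVR)) {
+	free(pEVR);
 	return;
+    }
 
     /*
      * Rpm prior to 3.0.3 does not have versioned provides.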
00810b
commit cb2ae4bdf2f60876fdc68e3f84938e9c37182fab
00810b
Author: Igor Gnatenko <i.gnatenko.brain@gmail.com>
00810b
Date:   Tue Feb 6 14:50:27 2018 +0100
00810b
00810b
    lua: fix memory leak in Pexec()
00810b
    
00810b
    Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
00810b
00810b
diff --git a/luaext/lposix.c b/luaext/lposix.c
00810b
index 5d7ad3c87..2730bcff7 100644
00810b
--- a/luaext/lposix.c
00810b
+++ b/luaext/lposix.c
00810b
@@ -348,6 +348,7 @@ static int Pexec(lua_State *L)			/** exec(path,[args]) */
00810b
 	for (i=1; i
00810b
 	argv[i] = NULL;
00810b
 	execvp(path,argv);
00810b
+	free(argv);
00810b
 	return pusherror(L, path);
00810b
 }
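Review bot: `free(argv)` now runs between the failed `execvp()` and `pusherror(L, path)`, and free() is not guaranteed to leave errno untouched on every libc. If pusherror() builds its message from errno (its body is not shown here), the reported reason for the exec failure could be wrong. Saving the value around the call avoids that: `int saved = errno; free(argv); errno = saved;`. The allocation of `argv` and any NULL check on it are above the hunk.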