richardphibel / rpms / rpm

Forked from rpms/rpm 2 years ago
Clone
bfc6f7
commit c7d7c5acd0c14d0450016887cba1d86483086794
bfc6f7
Author: Michal Domonkos <mdomonko@redhat.com>
bfc6f7
Date:   Mon Jun 21 10:05:10 2021 +0200
bfc6f7
bfc6f7
    Add quoting to literal curly brackets
bfc6f7
    
bfc6f7
    These curly brackets are already treated as literals by the shell, so
bfc6f7
    let's make that explicit for clarity, and silence a ShellCheck warning
bfc6f7
    at the same time.
bfc6f7
    
bfc6f7
    More info: https://github.com/koalaman/shellcheck/wiki/SC1083
bfc6f7
    
bfc6f7
    Found by ShellCheck.
bfc6f7
bfc6f7
diff -up rpm-4.16.1.3/scripts/check-rpaths-worker.orig rpm-4.16.1.3/scripts/check-rpaths-worker
bfc6f7
--- rpm-4.16.1.3/scripts/check-rpaths-worker.orig	2021-06-29 15:34:31.671003589 +0200
bfc6f7
+++ rpm-4.16.1.3/scripts/check-rpaths-worker	2021-06-29 15:34:51.993414093 +0200
bfc6f7
@@ -120,13 +120,13 @@ for i; do
bfc6f7
 	        (/lib64/*|/usr/lib64/*|/usr/X11R6/lib64/*|/usr/local/lib64/*)
bfc6f7
 		    badness=0;;
bfc6f7
 
bfc6f7
-		(\$ORIGIN|\${ORIGINX}|\$ORIGIN/*|\${ORIGINX}/*)
bfc6f7
+		(\$ORIGIN|\$\{ORIGINX\}|\$ORIGIN/*|\$\{ORIGINX\}/*)
bfc6f7
 		    test $allow_ORIGIN -eq 0 && badness=8 || {
bfc6f7
 			badness=0
bfc6f7
 			new_allow_ORIGIN=1
bfc6f7
 		    }
bfc6f7
 		    ;;
bfc6f7
-		(/*\$PLATFORM*|/*\${PLATFORM}*|/*\$LIB*|/*\${LIB}*)
bfc6f7
+		(/*\$PLATFORM*|/*\$\{PLATFORM\}*|/*\$LIB*|/*\$\{LIB\}*)
bfc6f7
 		    badness=0;;
bfc6f7
 	    	
bfc6f7
 	        (/lib|/usr/lib|/usr/X11R6/lib)
bfc6f7
From d8dc4fd37b1d90cd97de7fcf484d449ec132c9b3 Mon Sep 17 00:00:00 2001
bfc6f7
From: Michal Domonkos <mdomonko@redhat.com>
bfc6f7
Date: Wed, 9 Jun 2021 21:31:40 +0200
bfc6f7
Subject: [PATCH 1/7] Fix memory leak in sqlexec()
bfc6f7
bfc6f7
Callers are supposed to free the error strings themselves:
bfc6f7
https://www.sqlite.org/capi3ref.html#sqlite3_exec
bfc6f7
bfc6f7
Found by Coverity.
bfc6f7
---
bfc6f7
 lib/backend/sqlite.c | 1 +
bfc6f7
 1 file changed, 1 insertion(+)
bfc6f7
bfc6f7
diff --git a/lib/backend/sqlite.c b/lib/backend/sqlite.c
bfc6f7
index 7c2de45aa..dbefeb163 100644
bfc6f7
--- a/lib/backend/sqlite.c
bfc6f7
+++ b/lib/backend/sqlite.c
bfc6f7
@@ -233,6 +233,7 @@ static int sqlexec(sqlite3 *sdb, const char *fmt, ...)
bfc6f7
 	rpmlog(RPMLOG_DEBUG, "%s: %d\n", cmd, rc);
bfc6f7
 
bfc6f7
     sqlite3_free(cmd);
bfc6f7
+    sqlite3_free(err);
bfc6f7
 
bfc6f7
     return rc ? RPMRC_FAIL : RPMRC_OK;
bfc6f7
 }
bfc6f7
-- 
bfc6f7
2.31.1
bfc6f7
bfc6f7
From 5baf73feb4951cc3b3f553a4b18d3b3599cbf87c Mon Sep 17 00:00:00 2001
bfc6f7
From: Michal Domonkos <mdomonko@redhat.com>
bfc6f7
Date: Fri, 25 Jun 2021 11:21:46 +0200
bfc6f7
Subject: [PATCH 2/7] Always free the arg list passed to rpmGlob()
bfc6f7
bfc6f7
Even though the actual implementation of rpmGlob() does not allocate the
bfc6f7
passed arg list (av) if the return code (rc) is non-zero or arg count
bfc6f7
(ac) is 0, it's the responsibility of the caller (rpmInstall() here) to
bfc6f7
free that memory, so make sure we do that irrespectively of the above
bfc6f7
conditions.
bfc6f7
bfc6f7
Found by Coverity.
bfc6f7
---
bfc6f7
 lib/rpminstall.c | 1 +
bfc6f7
 1 file changed, 1 insertion(+)
bfc6f7
bfc6f7
diff --git a/lib/rpminstall.c b/lib/rpminstall.c
bfc6f7
index 724126e94..302ec0ba1 100644
bfc6f7
--- a/lib/rpminstall.c
bfc6f7
+++ b/lib/rpminstall.c
bfc6f7
@@ -461,6 +461,7 @@ int rpmInstall(rpmts ts, struct rpmInstallArguments_s * ia, ARGV_t fileArgv)
bfc6f7
 		rpmlog(RPMLOG_ERR, _("File not found by glob: %s\n"), *eiu->fnp);
bfc6f7
 	    }
bfc6f7
 	    eiu->numFailed++;
bfc6f7
+	    argvFree(av);
bfc6f7
 	    continue;
bfc6f7
 	}
bfc6f7
 
bfc6f7
-- 
bfc6f7
2.31.1
bfc6f7
bfc6f7
From 3c8b01b67ec907afaaffe71691fa41b878578527 Mon Sep 17 00:00:00 2001
bfc6f7
From: Michal Domonkos <mdomonko@redhat.com>
bfc6f7
Date: Mon, 14 Jun 2021 10:21:25 +0200
bfc6f7
Subject: [PATCH 3/7] Fix resource leak in Fts_children()
bfc6f7
bfc6f7
This function is not used anywhere within our codebase (and neither is
bfc6f7
it part of the public API) so it's basically a no-op... Still, rather
bfc6f7
than yanking it completely, let's just silence the Coverity error here.
bfc6f7
bfc6f7
Found by Coverity.
bfc6f7
---
bfc6f7
 misc/fts.c | 4 +++-
bfc6f7
 1 file changed, 3 insertions(+), 1 deletion(-)
bfc6f7
bfc6f7
diff --git a/misc/fts.c b/misc/fts.c
bfc6f7
index d3ebb2946..caf27495d 100644
bfc6f7
--- a/misc/fts.c
bfc6f7
+++ b/misc/fts.c
bfc6f7
@@ -585,8 +585,10 @@ Fts_children(FTS * sp, int instr)
bfc6f7
 	if ((fd = __open(".", O_RDONLY, 0)) < 0)
bfc6f7
 		return (NULL);
bfc6f7
 	sp->fts_child = fts_build(sp, instr);
bfc6f7
-	if (__fchdir(fd))
bfc6f7
+	if (__fchdir(fd)) {
bfc6f7
+		(void)__close(fd);
bfc6f7
 		return (NULL);
bfc6f7
+	}
bfc6f7
 	(void)__close(fd);
bfc6f7
 	return (sp->fts_child);
bfc6f7
 }
bfc6f7
-- 
bfc6f7
2.31.1
bfc6f7
bfc6f7
From 39b7bf8579e0522cf16347b3a7e332d3b6d742c6 Mon Sep 17 00:00:00 2001
bfc6f7
From: Michal Domonkos <mdomonko@redhat.com>
bfc6f7
Date: Mon, 14 Jun 2021 12:34:23 +0200
bfc6f7
Subject: [PATCH 4/7] Fix memory leak in fts_build()
bfc6f7
bfc6f7
Turns out this leak is already fixed in glibc's current version of fts.c
bfc6f7
(where our copy originates from), so let's just backport that.
bfc6f7
bfc6f7
Original commit in glibc:
bfc6f7
https://sourceware.org/git/?p=glibc.git;\
bfc6f7
a=commit;h=db67c2c98b89a5723af44df54f38b779de8d4a65
bfc6f7
bfc6f7
Found by Coverity.
bfc6f7
---
bfc6f7
 misc/fts.c | 2 ++
bfc6f7
 1 file changed, 2 insertions(+)
bfc6f7
bfc6f7
diff --git a/misc/fts.c b/misc/fts.c
bfc6f7
index caf27495d..f7fce0eaa 100644
bfc6f7
--- a/misc/fts.c
bfc6f7
+++ b/misc/fts.c
bfc6f7
@@ -855,6 +855,7 @@ mem1:				saved_errno = errno;
bfc6f7
 	     fts_safe_changedir(sp, cur->fts_parent, -1, ".."))) {
bfc6f7
 		cur->fts_info = FTS_ERR;
bfc6f7
 		SET(FTS_STOP);
bfc6f7
+		fts_lfree(head);
bfc6f7
 		return (NULL);
bfc6f7
 	}
bfc6f7
 
bfc6f7
@@ -862,6 +863,7 @@ mem1:				saved_errno = errno;
bfc6f7
 	if (!nitems) {
bfc6f7
 		if (type == BREAD)
bfc6f7
 			cur->fts_info = FTS_DP;
bfc6f7
+		fts_lfree(head);
bfc6f7
 		return (NULL);
bfc6f7
 	}
bfc6f7
 
bfc6f7
-- 
bfc6f7
2.31.1
bfc6f7
bfc6f7
From 9c093c4f092dd6bd1e0c8d2b852a72b74db076c2 Mon Sep 17 00:00:00 2001
bfc6f7
From: Michal Domonkos <mdomonko@redhat.com>
bfc6f7
Date: Tue, 15 Jun 2021 13:34:21 +0200
bfc6f7
Subject: [PATCH 5/7] Fix memory leak in decodePkts()
bfc6f7
bfc6f7
Found by Coverity.
bfc6f7
---
bfc6f7
 rpmio/rpmpgp.c | 6 +++++-
bfc6f7
 1 file changed, 5 insertions(+), 1 deletion(-)
bfc6f7
bfc6f7
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
bfc6f7
index c59185dce..ee5c81e24 100644
bfc6f7
--- a/rpmio/rpmpgp.c
bfc6f7
+++ b/rpmio/rpmpgp.c
bfc6f7
@@ -1371,9 +1371,13 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
bfc6f7
 	    crc = pgpCRC(dec, declen);
bfc6f7
 	    if (crcpkt != crc) {
bfc6f7
 		ec = PGPARMOR_ERR_CRC_CHECK;
bfc6f7
+		_free(dec);
bfc6f7
 		goto exit;
bfc6f7
 	    }
bfc6f7
-	    if (pkt) *pkt = dec;
bfc6f7
+	    if (pkt)
bfc6f7
+		*pkt = dec;
bfc6f7
+	    else
bfc6f7
+		_free(dec);
bfc6f7
 	    if (pktlen) *pktlen = declen;
bfc6f7
 	    ec = PGPARMOR_PUBKEY;	/* XXX ASCII Pubkeys only, please. */
bfc6f7
 	    goto exit;
bfc6f7
-- 
bfc6f7
2.31.1
bfc6f7
bfc6f7
From 590b2fc06252567eb7d57197dc361a8b459d62a3 Mon Sep 17 00:00:00 2001
bfc6f7
From: Michal Domonkos <mdomonko@redhat.com>
bfc6f7
Date: Mon, 21 Jun 2021 17:51:14 +0200
bfc6f7
Subject: [PATCH 6/7] Fix memory leak with multiple %lang-s in one line
bfc6f7
bfc6f7
We permit two equivalent forms of specifying a list of languages per
bfc6f7
file:
bfc6f7
bfc6f7
  %lang(xx,yy,zz) /path/to/file
bfc6f7
  %lang(xx) %lang(yy) %lang(zz) /path/to/file
bfc6f7
bfc6f7
The leak was when parsing the second form.
bfc6f7
bfc6f7
Found by Coverity.
bfc6f7
---
bfc6f7
 build/files.c | 2 ++
bfc6f7
 1 file changed, 2 insertions(+)
bfc6f7
bfc6f7
diff --git a/build/files.c b/build/files.c
bfc6f7
index f8153ad2b..0c8859f6c 100644
bfc6f7
--- a/build/files.c
bfc6f7
+++ b/build/files.c
bfc6f7
@@ -777,6 +777,8 @@ static rpmRC parseForLang(char * buf, FileEntry cur)
bfc6f7
 
bfc6f7
 	if (*pe == ',') pe++;	/* skip , if present */
bfc6f7
     }
bfc6f7
+
bfc6f7
+    q = _free(q);
bfc6f7
   }
bfc6f7
 
bfc6f7
     rc = RPMRC_OK;
bfc6f7
-- 
bfc6f7
2.31.1
bfc6f7
bfc6f7
From b7a1e996326ee29a163d67ceb1e6127fdc251c14 Mon Sep 17 00:00:00 2001
bfc6f7
From: Michal Domonkos <mdomonko@redhat.com>
bfc6f7
Date: Fri, 25 Jun 2021 15:15:08 +0200
bfc6f7
Subject: [PATCH 7/7] Fix memory leaks in Lua rex extension
bfc6f7
bfc6f7
This covers the following usage:
bfc6f7
bfc6f7
expr = rex.newPOSIX(<regex>)
bfc6f7
expr:match(<string>)           # A leak occurred here
bfc6f7
expr:gmatch(<string>, <func>)  # A leak occurred here
bfc6f7
bfc6f7
Found by Coverity.
bfc6f7
---
bfc6f7
 luaext/lrexlib.c | 9 ++++++---
bfc6f7
 1 file changed, 6 insertions(+), 3 deletions(-)
bfc6f7
bfc6f7
diff --git a/luaext/lrexlib.c b/luaext/lrexlib.c
bfc6f7
index 09c5a6454..0f29b6371 100644
bfc6f7
--- a/luaext/lrexlib.c
bfc6f7
+++ b/luaext/lrexlib.c
bfc6f7
@@ -80,6 +80,7 @@ static void rex_push_matches(lua_State *L, const char *text, regmatch_t *match,
bfc6f7
 
bfc6f7
 static int rex_match(lua_State *L)
bfc6f7
 {
bfc6f7
+  int rc = 0;
bfc6f7
   int res;
bfc6f7
 #ifdef REG_BASIC
bfc6f7
   size_t len;
bfc6f7
@@ -109,9 +110,10 @@ static int rex_match(lua_State *L)
bfc6f7
     lua_pushstring(L, "n");
bfc6f7
     lua_pushnumber(L, ncapt);
bfc6f7
     lua_rawset(L, -3);
bfc6f7
-    return 3;
bfc6f7
-  } else
bfc6f7
-    return 0;
bfc6f7
+    rc = 3;
bfc6f7
+  }
bfc6f7
+  free(match);
bfc6f7
+  return rc;
bfc6f7
 }
bfc6f7
 
bfc6f7
 static int rex_gmatch(lua_State *L)
bfc6f7
@@ -158,6 +160,7 @@ static int rex_gmatch(lua_State *L)
bfc6f7
       break;
bfc6f7
   }
bfc6f7
   lua_pushnumber(L, nmatch);
bfc6f7
+  free(match);
bfc6f7
   return 1;
bfc6f7
 }
bfc6f7
 
bfc6f7
-- 
bfc6f7
2.31.1
bfc6f7
d8c505
commit 9747a6af016a3458d54fe060777c95e3900b5fa4
d8c505
Author: Demi Marie Obenour <athena@invisiblethingslab.com>
d8c505
Date:   Tue Mar 2 12:47:29 2021 -0500
d8c505
d8c505
    Fix a tiny memory leak
d8c505
    
d8c505
    Found by fuzzing rpmReadPackageFile() with libfuzzer under ASAN.
d8c505
d8c505
diff --git a/lib/headerutil.c b/lib/headerutil.c
d8c505
index 22e36c74d..fab210ff2 100644
d8c505
--- a/lib/headerutil.c
d8c505
+++ b/lib/headerutil.c
d8c505
@@ -333,8 +333,10 @@ static void providePackageNVR(Header h)
d8c505
     rpmds hds, nvrds;
d8c505
 
d8c505
     /* Generate provides for this package name-version-release. */
d8c505
-    if (!(name && pEVR))
d8c505
+    if (!(name && pEVR)) {
d8c505
+	free(pEVR);
d8c505
 	return;
d8c505
+    }
d8c505
 
d8c505
     /*
d8c505
      * Rpm prior to 3.0.3 does not have versioned provides.
d8c505
commit cb2ae4bdf2f60876fdc68e3f84938e9c37182fab
d8c505
Author: Igor Gnatenko <i.gnatenko.brain@gmail.com>
d8c505
Date:   Tue Feb 6 14:50:27 2018 +0100
d8c505
d8c505
    lua: fix memory leak in Pexec()
d8c505
    
d8c505
    Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
d8c505
d8c505
diff --git a/luaext/lposix.c b/luaext/lposix.c
d8c505
index 5d7ad3c87..2730bcff7 100644
d8c505
--- a/luaext/lposix.c
d8c505
+++ b/luaext/lposix.c
d8c505
@@ -348,6 +348,7 @@ static int Pexec(lua_State *L)			/** exec(path,[args]) */
d8c505
 	for (i=1; i
d8c505
 	argv[i] = NULL;
d8c505
 	execvp(path,argv);
d8c505
+	free(argv);
d8c505
 	return pusherror(L, path);
d8c505
 }