From e0ff81088a479f814a9f07a687c88310b4dce071 Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Jul 11 2024 12:00:47 +0000 Subject: Fix OpenScanHub findings Resolves: RHEL-22604 Resolves: RHEL-22605 --- diff --git a/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch b/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch new file mode 100644 index 0000000..3d4557c --- /dev/null +++ b/0001-Fix-potential-use-of-uninitialized-pgp-struct.patch @@ -0,0 +1,12 @@ +diff -up rpm-4.16.1.3/lib/rpmts.c.orig rpm-4.16.1.3/lib/rpmts.c +--- rpm-4.16.1.3/lib/rpmts.c.orig 2024-07-11 13:55:35.430198126 +0200 ++++ rpm-4.16.1.3/lib/rpmts.c 2024-07-11 13:55:59.243061182 +0200 +@@ -482,6 +482,8 @@ static int makePubkeyHeader(rpmts ts, rp + int rc = -1; + int i; + ++ memset(&kd, 0, sizeof(kd)); ++ + if ((enc = rpmPubkeyBase64(key)) == NULL) + goto exit; + if ((dig = rpmPubkeyDig(key)) == NULL) diff --git a/0001-Fix-potential-use-of-uninitialized-pipe-array.patch b/0001-Fix-potential-use-of-uninitialized-pipe-array.patch new file mode 100644 index 0000000..dcabc59 --- /dev/null +++ b/0001-Fix-potential-use-of-uninitialized-pipe-array.patch @@ -0,0 +1,32 @@ +From bff65aad8af719542c7b0c6429e09223c014a909 Mon Sep 17 00:00:00 2001 +From: Michal Domonkos +Date: Thu, 6 Jun 2024 09:15:02 +0200 +Subject: [PATCH] Fix potential use of uninitialized pipe array + +We only call pipe(2) after the script is written to disk so if the +latter fails, the array will be left uninitialized and subsequently read +after skipping to the exit label. Fix by initializing it. + +Found by Coverity. + +Fixes: RHEL-22604 +--- + lib/rpmscript.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/rpmscript.c b/lib/rpmscript.c +index 281c55c53..1de4acf8e 100644 +--- a/lib/rpmscript.c ++++ b/lib/rpmscript.c +@@ -316,7 +316,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes, + char * fn = NULL; + pid_t pid, reaped; + int status; +- int inpipe[2]; ++ int inpipe[2] = { -1, -1 }; + FILE *in = NULL; + const char *line; + char *mline = NULL; +-- +2.45.2 + diff --git a/rpm.spec b/rpm.spec index 870a971..108e55f 100644 --- a/rpm.spec +++ b/rpm.spec @@ -110,6 +110,8 @@ Patch141: 0001-Fix-a-copy-paste-help-description-of-whatconflicts-R.patch Patch142: 0001-Expose-and-document-rpmdb-verifydb-operation.patch Patch143: 0001-Don-t-segfault-on-missing-priority-tag.patch Patch144: 0001-Use-unsigned-integers-for-buildtime-too-for-Y2K38-sa.patch +Patch145: 0001-Fix-potential-use-of-uninitialized-pipe-array.patch +Patch146: 0001-Fix-potential-use-of-uninitialized-pgp-struct.patch # These are not yet upstream Patch906: rpm-4.7.1-geode-i686.patch @@ -659,6 +661,10 @@ fi %doc doc/librpm/html/* %changelog +* Thu Jul 11 2024 Michal Domonkos - 4.16.1.3-31 +- Fix potential use of uninitialized pipe array (RHEL-22604) +- Fix potential use of uninitialized pgp struct (RHEL-22605) + * Mon Jun 03 2024 Michal Domonkos - 4.16.1.3-30 - Don't segfault on missing priority tag (RHEL-35249) - Use unsigned integers for buildtime too for Y2K38 safety (RHEL-22602)