diff --git a/SOURCES/rpcbind-1.2.5-double-free.patch b/SOURCES/rpcbind-1.2.5-double-free.patch
new file mode 100644
index 0000000..1f42092
--- /dev/null
+++ b/SOURCES/rpcbind-1.2.5-double-free.patch
@@ -0,0 +1,15 @@
+diff -up rpcbind-1.2.5/src/rpcbind.c.orig rpcbind-1.2.5/src/rpcbind.c
+--- rpcbind-1.2.5/src/rpcbind.c.orig 2022-08-04 15:56:21.398070276 -0400
++++ rpcbind-1.2.5/src/rpcbind.c 2022-08-04 15:56:57.255699229 -0400
+@@ -563,8 +563,10 @@ init_transport(struct netconfig *nconf)
+ syslog(LOG_ERR, "cannot bind %s on %s: %m",
+ (hosts[nhostsbak] == NULL) ? "*" :
+ hosts[nhostsbak], nconf->nc_netid);
+- if (res != NULL)
++ if (res != NULL) {
+ freeaddrinfo(res);
++ res = NULL;
++ }
+ continue;
+ } else
+ checkbind++;
diff --git a/SPECS/rpcbind.spec b/SPECS/rpcbind.spec
index 9a3cd13..f4aa243 100644
--- a/SPECS/rpcbind.spec
+++ b/SPECS/rpcbind.spec
@@ -4,7 +4,7 @@
 Name: rpcbind
 Version: 1.2.5
-Release: 9%{?dist}
+Release: 10%{?dist}
 Summary: Universal Addresses to RPC Program Number Mapper
 Group: System Environment/Daemons
 License: BSD
@@ -41,6 +41,7 @@ Patch003: rpcbind-1.2.5-dowgrade-priority-callit.patch
 # RHEL 8.7
 #
 Patch004: rpcbind-1.2.5-network_init.patch
+Patch005: rpcbind-1.2.5-double-free.patch
 Patch100: rpcbind-0.2.3-systemd-envfile.patch
 Patch101: rpcbind-0.2.3-systemd-tmpfiles.patch
@@ -71,6 +72,9 @@ RPC calls on a server on that machine.
 # 1959003 - network_init: initialize response addrinfo list to NULL
 %patch004 -p1
+# 2115209 - rpcbind: free(): double free detected in tcache 2
+%patch005 -p1
+
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
@@ -165,6 +169,9 @@ fi
 %attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir}
 %changelog
+* Thu Aug 4 2022 Steve Dickson - 1.2.5-10
+- rpcbind: fix double free in init_transport (bz 2115209)
+
 * Tue May 31 2022 Steve Dickson - 1.2.5-9
 - network_init: initialize response addrinfo list to NULL (bz 1959003)
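Review bot: The reset `res = NULL;` in the rpcbind.c hunk of rpcbind-1.2.5-double-free.patch covers only the bind-failure branch shown; init_transport starts and ends outside the hunk, so any other path that calls `freeaddrinfo(res)` and then continues to a later free would still hold the stale pointer. Each `freeaddrinfo(res)` in the function is worth checking, because this double free aborts a network-facing daemon when a bind fails (the spec comment quotes "free(): double free detected in tcache 2"). A short comment above the reset would record why it is there, for example `/* res may be freed again later; clear it so that free is skipped */`, with the wording confirmed against the later free site. The patch file also has no description header; a line naming the upstream commit (`<upstream-commit-id>`) and bz 2115209 would make the backport traceable.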