Fix use-after-free error in babeltrace

popt-1.19 commit 7182e4618ad5a0186145fc2aa4a98c2229afdfa8 includes a patch to free the memory returned by poptGetArg. This introduced a use-after-free in babeltrace.c:main(). See bug for complete description. Resolves: rhbz#2126067
2022-09-15 14:11:39 -07:00 · 2022-09-15 14:11:39 -07:00 · d48452beff
commit d48452beff
parent f5b5fb44ee
2 changed files with 38 additions and 1 deletions
--- a/babeltrace-rhbz2126067-use-after-free.patch
+++ b/babeltrace-rhbz2126067-use-after-free.patch
@ -0,0 +1,32 @@
+*** babeltrace-1.5.8/converter/babeltrace.c.orig	2022-09-15 12:36:49.826369817 -0700
+--- babeltrace-1.5.8/converter/babeltrace.c	2022-09-15 13:48:21.642157222 -0700
+*************** static int parse_options(int argc, char
+*** 449,455 ****
+  	do {
+  		ipath = poptGetArg(pc);
+  		if (ipath)
+! 			g_ptr_array_add(opt_input_paths, (gpointer) ipath);
+  	} while (ipath);
+  	if (opt_input_paths->len == 0) {
+  		ret = -EINVAL;
+--- 449,455 ----
+  	do {
+  		ipath = poptGetArg(pc);
+  		if (ipath)
+! 			g_ptr_array_add(opt_input_paths, (gpointer) strdup(ipath));
+  	} while (ipath);
+  	if (opt_input_paths->len == 0) {
+  		ret = -EINVAL;
+*************** end:
+*** 880,885 ****
+--- 880,889 ----
+  	free(opt_output_path);
+  	free(opt_debug_info_dir);
+  	free(opt_debug_info_target_prefix);
+ 	for (i = 0; i < opt_input_paths->len; i++) {
+ 		char *ipath = g_ptr_array_index(opt_input_paths, i);
+ 		free(ipath);
+ 	}
+  	g_ptr_array_free(opt_input_paths, TRUE);
+  	if (partial_error)
+  		exit(EXIT_FAILURE);
--- a/babeltrace.spec
+++ b/babeltrace.spec
@ -1,6 +1,6 @@
 Name:           babeltrace
 Version:        1.5.8
-Release:        12%{?dist}
+Release:        13%{?dist}
 Summary:        Trace Viewer and Converter, mainly for the Common Trace Format
 License:        MIT and GPLv2
 URL:            https://www.efficios.com/babeltrace
@ -10,6 +10,7 @@ Source1:        https://www.efficios.com/files/%{name}/%{name}-%{version}.tar.bz
 Source2:        gpgkey-7F49314A26E0DE78427680E05F1B2A0789F12B11.gpg
 Patch0:         python39.patch
 Patch1:         babeltrace-getaddrinfo.patch
+Patch2:         babeltrace-rhbz2126067-use-after-free.patch

 BuildRequires:  bison >= 2.4
 BuildRequires:  flex >= 2.5.35
@ -117,6 +118,10 @@ rm -f %{buildroot}/%{_pkgdocdir}/std-ext-lib.txt


 %changelog
+* Fri Sep 16 2022 Keith Seitz - 1.5.8-13
+- Add use-after-free patch for popt-1.19 update.
+  (Keith Seitz, RHBZ 2126067)
+
 * Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.8-12
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild