From ef50169abea7f4a0efff1a19306ad081a7a0b72e Mon Sep 17 00:00:00 2001 From: Roman Rakus Date: Thu, 31 Jan 2013 15:57:12 +0100 Subject: [PATCH] Fix fd leaks Resolves: #903833 Signed-off-by: Roman Rakus --- bash-4.2-missing_closes.patch | 39 +++++++++++++++++++++++++++++++++++ bash.spec | 10 ++++++++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 bash-4.2-missing_closes.patch diff --git a/bash-4.2-missing_closes.patch b/bash-4.2-missing_closes.patch new file mode 100644 index 0000000..8dfd1d4 --- /dev/null +++ b/bash-4.2-missing_closes.patch @@ -0,0 +1,39 @@ +There are missing calls of close() leading to resource leak (fd leak). +Simple reproducer: +. / +and /proc/$$/fd contain one open fd for each above call + +Signed-off-by: Roman Rakus +--- + builtins/evalfile.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/builtins/evalfile.c b/builtins/evalfile.c +index 60f89d1..d30bd96 100644 +--- a/builtins/evalfile.c ++++ b/builtins/evalfile.c +@@ -133,11 +133,13 @@ file_error_and_exit: + if (S_ISDIR (finfo.st_mode)) + { + (*errfunc) (_("%s: is a directory"), filename); ++ close(fd); + return ((flags & FEVAL_BUILTIN) ? EXECUTION_FAILURE : -1); + } + else if ((flags & FEVAL_REGFILE) && S_ISREG (finfo.st_mode) == 0) + { + (*errfunc) (_("%s: not a regular file"), filename); ++ close(fd); + return ((flags & FEVAL_BUILTIN) ? EXECUTION_FAILURE : -1); + } + +@@ -146,6 +148,7 @@ file_error_and_exit: + if (file_size != finfo.st_size || file_size + 1 < file_size) + { + (*errfunc) (_("%s: file is too large"), filename); ++ close(fd); + return ((flags & FEVAL_BUILTIN) ? EXECUTION_FAILURE : -1); + } + +-- +1.7.11.7 + diff --git a/bash.spec b/bash.spec index fe56b19..9b1ca42 100644 --- a/bash.spec +++ b/bash.spec @@ -6,7 +6,7 @@ Version: %{baseversion}%{patchleveltag} Name: bash Summary: The GNU Bourne Again shell -Release: 1%{?dist} +Release: 2%{?dist} Group: System Environment/Shells License: GPLv3+ Url: http://www.gnu.org/software/bash @@ -109,6 +109,9 @@ Patch124: bash-4.2-signal.patch # https://www.securecoding.cert.org/confluence/display/seccode/INT32-C.+Ensure+that+operations+on+signed+integers+do+not+result+in+overflow Patch125: bash-4.2-size_type.patch +# 903833, Fix missing close(), fixes fd leaks +Patch126: bash-4.2-missing_closes.patch + BuildRequires: texinfo bison BuildRequires: ncurses-devel BuildRequires: autoconf, gettext @@ -206,6 +209,7 @@ This package contains documentation files for %{name}. %patch123 -p1 %patch124 -p1 -b .signal %patch125 -p1 -b .size_type +%patch126 -p1 -b .missing_closes echo %{version} > _distribution echo %{release} > _patchlevel @@ -398,6 +402,10 @@ end #%doc doc/*.ps doc/*.0 doc/*.html doc/article.txt %changelog +* Thu Jan 31 2013 Roman Rakus - 4.2.42-2 +- Fix fd leaks + Resolves: #903833 + * Thu Jan 03 2013 Roman Rakus - 4.2.42-1 - Patchlevel 42