From 72b3da72e8f11ba1730335e79a0bec99d6645262 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 27 May 2021 17:16:12 -0400 Subject: [PATCH] Backport https://github.com/containers/bubblewrap/pull/426 Resolves: rhbz#1938688 --- ...k-if-args-is-specified-multiple-time.patch | 39 +++++++++++++++++++ bubblewrap.spec | 6 ++- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch diff --git a/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch b/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch new file mode 100644 index 0000000..9a11a57 --- /dev/null +++ b/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch @@ -0,0 +1,39 @@ +From d70c640aecc30e9216dc1a614a207e85c8732036 Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Thu, 27 May 2021 16:19:27 -0400 +Subject: [PATCH] Avoid memory leak if --args is specified multiple times + +Found by a static analyzer. + +``` +bubblewrap-0.4.1/bubblewrap.c:1500: overwrite_var: Overwriting "opt_args_data" in "opt_args_data = load_file_data(the_fd, &data_len)" leaks the storage that "opt_args_data" points to. + # 1498| * keep allocated until exit time, since its argv entries get used + # 1499| * by the other cases in parse_args_recurse() when we recurse. */ + # 1500|-> opt_args_data = load_file_data (the_fd, &data_len); + # 1501| if (opt_args_data == NULL) + # 1502| die_with_error ("Can't read --args data"); +``` +--- + bubblewrap.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/bubblewrap.c b/bubblewrap.c +index 771e1ea..56ac07c 100644 +--- a/bubblewrap.c ++++ b/bubblewrap.c +@@ -1494,6 +1494,12 @@ parse_args_recurse (int *argcp, + if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0) + die ("Invalid fd: %s", argv[1]); + ++ /* Specifying --args multiple times doesn't work; this just pacifies ++ * a static analyzer which pointed out the memory leak ++ */ ++ if (opt_args_data != NULL) ++ free (opt_args_data); ++ + /* opt_args_data is essentially a recursive argv array, which we must + * keep allocated until exit time, since its argv entries get used + * by the other cases in parse_args_recurse() when we recurse. */ +-- +2.31.1 + diff --git a/bubblewrap.spec b/bubblewrap.spec index 4422671..486c83b 100644 --- a/bubblewrap.spec +++ b/bubblewrap.spec @@ -1,12 +1,13 @@ Name: bubblewrap Version: 0.4.1 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Core execution tool for unprivileged containers License: LGPLv2+ #VCS: git:https://github.com/projectatomic/bubblewrap URL: https://github.com/projectatomic/bubblewrap Source0: https://github.com/projectatomic/bubblewrap/releases/download/v%{version}/bubblewrap-%{version}.tar.xz +Patch0: 0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch BuildRequires: autoconf automake libtool BuildRequires: gcc @@ -46,6 +47,9 @@ find %{buildroot} -name '*.la' -delete -print %{_mandir}/man1/* %changelog +* Thu May 27 2021 Colin Walters - 0.4.1-5 +- Backport https://github.com/containers/bubblewrap/pull/426 + * Thu Apr 15 2021 Mohan Boddu - 0.4.1-4 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937