0.192-6
Add elfutils-0.192-fix-free.patch Resolves: RHEL-83619
parent
1e16be3373
commit
96218003db
38
elfutils-0.192-fix-free.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From 1be0787d6654ed71bf659e8bfd34895fea7589eb Mon Sep 17 00:00:00 2001
|
||||
From: Aaron Merey <amerey@redhat.com>
|
||||
Date: Fri, 24 Jan 2025 19:43:19 -0500
|
||||
Subject: [PATCH] debuginfod-client.c: Avoid freeing uninitialized value
|
||||
|
||||
debuginfod_validate_imasig might call free on an uninitialized sig_buf
|
||||
due to a goto that can occur before sig_buf is set to NULL.
|
||||
|
||||
Fix this by setting sig_buf to NULL before the goto.
|
||||
|
||||
Signed-off-by: Aaron Merey <amerey@redhat.com>
|
||||
---
|
||||
debuginfod/debuginfod-client.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
|
||||
index deff19ff..d89beae9 100644
|
||||
--- a/debuginfod/debuginfod-client.c
|
||||
+++ b/debuginfod/debuginfod-client.c
|
||||
@@ -1587,6 +1587,7 @@ debuginfod_validate_imasig (debuginfod_client *c, int fd)
|
||||
{
|
||||
int rc = ENOSYS;
|
||||
|
||||
+ char* sig_buf = NULL;
|
||||
EVP_MD_CTX *ctx = NULL;
|
||||
if (!c || !c->winning_headers)
|
||||
{
|
||||
@@ -1594,7 +1595,6 @@ debuginfod_validate_imasig (debuginfod_client *c, int fd)
|
||||
goto exit_validate;
|
||||
}
|
||||
// Extract the HEX IMA-signature from the header
|
||||
- char* sig_buf = NULL;
|
||||
char* hdr_ima_sig = strcasestr(c->winning_headers, "x-debuginfod-imasignature");
|
||||
if (!hdr_ima_sig || 1 != sscanf(hdr_ima_sig + strlen("x-debuginfod-imasignature:"), "%ms", &sig_buf))
|
||||
{
|
||||
--
|
||||
2.48.1
|
||||
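Review bot: Any other local that the `exit_validate` cleanup releases needs the same top-of-function initialization that `sig_buf` gets here. The body of debuginfod_validate_imasig continues outside both hunks, so it is not visible whether further pointers are declared below the `if (!c || !c->winning_headers)` check and freed at the label; that should be confirmed before treating the issue as closed. Building with GCC's `-Wjump-misses-init` would catch a `goto` that skips an initializer at compile time. As a minor style point, the adjacent declaration is written `EVP_MD_CTX *ctx`, so `char *sig_buf = NULL;` would match it.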
|
@ -4,7 +4,7 @@
|
||||
|
||||
Name: elfutils
|
||||
Version: 0.192
|
||||
%global baserelease 5
|
||||
%global baserelease 6
|
||||
Release: %{baserelease}%{?dist}
|
||||
URL: http://elfutils.org/
|
||||
%global source_url ftp://sourceware.org/pub/elfutils/%{version}/
|
||||
@ -104,6 +104,9 @@ Patch3: elfutils-0.192-fix-configure-conditional.patch
|
||||
# Skip IMA test not currently supported in RHEL 9.
|
||||
Patch4: elfutils-0.192-skip-ima-test.patch
|
||||
|
||||
# Avoid freeing uninitialized variable.
|
||||
Patch5: elfutils-0.192-fix-free.patch
|
||||
|
||||
%description
|
||||
Elfutils is a collection of utilities, including stack (to show
|
||||
backtraces), nm (for listing symbols from object files), size
|
||||
@ -533,6 +536,9 @@ exit 0
|
||||
%systemd_postun_with_restart debuginfod.service
|
||||
|
||||
%changelog
|
||||
* Fri Mar 14 2025 Aaron Merey <amerey@redhat.com> - 0.192-6
|
||||
- Add elfutils-0.192-fix-free.patch
|
||||
|
||||
* Jan 15 2025 Aaron Merey <amerey@redhat.com> - 0.192-5
|
||||
- Add debuginfod certpath to %files unconditionally
|
||||
|
||||
|