Fix race condition in magic_getpath() for thread safety

Resolves: RHEL-93189
2026-04-27 14:14:35 +02:00 · 2026-04-27 14:14:35 +02:00 · cf40258eeb
commit cf40258eeb
parent ddb3ff580d
2 changed files with 83 additions and 1 deletions
--- a/file-5.48-magic-getpath-race.patch
+++ b/file-5.48-magic-getpath-race.patch
@ -0,0 +1,75 @@
+From: Christos Zoulas <christos@zoulas.com>
+Date: Wed, 15 Apr 2026 16:53:39 +0000
+Subject: PR/753: vmihalko: Fix race is magic_getpath()
+
+# Upstream-commit: fa66260f9a52dba5c3a64e7d69485d24af4cd369
+# https://github.com/file/file/commit/fa66260f9a52dba5c3a64e7d69485d24af4cd369
+diff --git a/src/magic.c b/src/magic.c
+index 89f4e16..74b77f1 100644
+--- a/src/magic.c
+++ b/src/magic.c
+@@ -72,7 +72,7 @@ FILE_RCSID("@(#)$File: magic.c,v 1.113 2020/12/08 21:26:00 christos Exp $")
+ private void close_and_restore(const struct magic_set *, const char *, int,
+     const struct stat *);
+ private int unreadable_info(struct magic_set *, mode_t, const char *);
+-private const char* get_default_magic(void);
+private const char *get_default_magic(void);
+ #ifndef COMPILE_ONLY
+ private const char *file_or_fd(struct magic_set *, const char *, int);
+ #endif
+@@ -174,15 +174,11 @@ get_default_magic(void)
+ {
+ 	static const char hmagic[] = "/.magic/magic.mgc";
+ 	static char *default_magic;
+-	char *home, *hmagicpath;
+	char *home, *hmagicpath, *tmp_magic;
+ 
+ #ifndef WIN32
+ 	struct stat st;
+ 
+-	if (default_magic) {
+-		free(default_magic);
+-		default_magic = NULL;
+-	}
+ 	if ((home = getenv("HOME")) == NULL)
+ 		return MAGIC;
+ 
+@@ -203,9 +199,12 @@ get_default_magic(void)
+ 		}
+ 	}
+ 
+-	if (asprintf(&default_magic, "%s:%s", hmagicpath, MAGIC) < 0)
+	if (asprintf(&tmp_magic, "%s:%s", hmagicpath, MAGIC) < 0)
+ 		goto out;
+ 	free(hmagicpath);
+	hmagicpath = default_magic;
+	default_magic = tmp_magic;
+	free(hmagicpath);
+ 	return default_magic;
+ out:
+ 	default_magic = NULL;
+@@ -214,11 +213,6 @@ out:
+ #else
+ 	hmagicpath = NULL;
+ 
+-	if (default_magic) {
+-		free(default_magic);
+-		default_magic = NULL;
+-	}
+-
+ 	/* First, try to get a magic file from user-application data */
+ 	if ((home = getenv("LOCALAPPDATA")) != NULL)
+ 		_w32_append_path(&hmagicpath, "%s%s", home, hmagic);
+@@ -239,7 +233,9 @@ out:
+         _w32_get_magic_relative_to(&hmagicpath, _w32_dll_instance);
+ 
+ 	/* Avoid MAGIC constant - it likely points to a file within MSys tree */
+	tmp_magic = default_magic;
+ 	default_magic = hmagicpath;
+	free(tmp_magic);
+ 	return default_magic;
+ #endif
+ }
+-- 
+2.53.0
+
--- a/file.spec
+++ b/file.spec
@ -15,7 +15,7 @@
 Summary: Utility for determining file types
 Name: file
 Version: 5.39
-Release: 17%{?dist}
+Release: 18%{?dist}
 License: BSD
 Source0: http://ftp.astron.com/pub/file/file-%{version}.tar.gz

@ -64,6 +64,9 @@ Patch17: file-5.41-python-magic-threads.patch
 Patch18: file-5.42-cve-strlcpy.patch
 # Upstream commit 141dde1fe573e6c42800d12affb94c927b44da3e
 Patch19: file-5.43-python.patch
+# Upstream commit fa66260f9a52dba5c3a64e7d69485d24af4cd369
+# https://github.com/file/file/commit/fa66260f9a52dba5c3a64e7d69485d24af4cd369
+Patch20: file-5.48-magic-getpath-race.patch

 URL: https://www.darwinsys.com/file/
 Requires: file-libs%{?_isa} = %{version}-%{release}
@ -243,6 +246,10 @@ cd %{py3dir}
 %endif

 %changelog
+* Mon Apr 27 2026 Vincent Mihalkovic <vmihalko@redhat.com> - 5.39-18
+- Fix race condition in magic_getpath() for thread safety
+  Resolves: RHEL-93189
+
 * Mon Feb 23 2026 Vincent Mihalkovic <vmihalko@redhat.com> - 5.39-17
 - Fix TypeError: 'NoneType' object is not callable in magic.close()
  Resolves: RHEL-136523