From cf40258eebe33848772df45ec01469f77e1193f3 Mon Sep 17 00:00:00 2001 From: Vincent Mihalkovic Date: Mon, 27 Apr 2026 14:14:35 +0200 Subject: [PATCH] Fix race condition in magic_getpath() for thread safety Resolves: RHEL-93189 --- file-5.48-magic-getpath-race.patch | 75 ++++++++++++++++++++++++++++++ file.spec | 9 +++- 2 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 file-5.48-magic-getpath-race.patch diff --git a/file-5.48-magic-getpath-race.patch b/file-5.48-magic-getpath-race.patch new file mode 100644 index 0000000..9d9222a --- /dev/null +++ b/file-5.48-magic-getpath-race.patch @@ -0,0 +1,75 @@ +From: Christos Zoulas +Date: Wed, 15 Apr 2026 16:53:39 +0000 +Subject: PR/753: vmihalko: Fix race is magic_getpath() + +# Upstream-commit: fa66260f9a52dba5c3a64e7d69485d24af4cd369 +# https://github.com/file/file/commit/fa66260f9a52dba5c3a64e7d69485d24af4cd369 +diff --git a/src/magic.c b/src/magic.c +index 89f4e16..74b77f1 100644 +--- a/src/magic.c ++++ b/src/magic.c +@@ -72,7 +72,7 @@ FILE_RCSID("@(#)$File: magic.c,v 1.113 2020/12/08 21:26:00 christos Exp $") + private void close_and_restore(const struct magic_set *, const char *, int, + const struct stat *); + private int unreadable_info(struct magic_set *, mode_t, const char *); +-private const char* get_default_magic(void); ++private const char *get_default_magic(void); + #ifndef COMPILE_ONLY + private const char *file_or_fd(struct magic_set *, const char *, int); + #endif +@@ -174,15 +174,11 @@ get_default_magic(void) + { + static const char hmagic[] = "/.magic/magic.mgc"; + static char *default_magic; +- char *home, *hmagicpath; ++ char *home, *hmagicpath, *tmp_magic; + + #ifndef WIN32 + struct stat st; + +- if (default_magic) { +- free(default_magic); +- default_magic = NULL; +- } + if ((home = getenv("HOME")) == NULL) + return MAGIC; + +@@ -203,9 +199,12 @@ get_default_magic(void) + } + } + +- if (asprintf(&default_magic, "%s:%s", hmagicpath, MAGIC) < 0) ++ if (asprintf(&tmp_magic, "%s:%s", hmagicpath, MAGIC) < 0) + goto out; + free(hmagicpath); ++ hmagicpath = default_magic; ++ default_magic = tmp_magic; ++ free(hmagicpath); + return default_magic; + out: + default_magic = NULL; +@@ -214,11 +213,6 @@ out: + #else + hmagicpath = NULL; + +- if (default_magic) { +- free(default_magic); +- default_magic = NULL; +- } +- + /* First, try to get a magic file from user-application data */ + if ((home = getenv("LOCALAPPDATA")) != NULL) + _w32_append_path(&hmagicpath, "%s%s", home, hmagic); +@@ -239,7 +233,9 @@ out: + _w32_get_magic_relative_to(&hmagicpath, _w32_dll_instance); + + /* Avoid MAGIC constant - it likely points to a file within MSys tree */ ++ tmp_magic = default_magic; + default_magic = hmagicpath; ++ free(tmp_magic); + return default_magic; + #endif + } +-- +2.53.0 + diff --git a/file.spec b/file.spec index b2972f1..8a39339 100644 --- a/file.spec +++ b/file.spec @@ -15,7 +15,7 @@ Summary: Utility for determining file types Name: file Version: 5.39 -Release: 17%{?dist} +Release: 18%{?dist} License: BSD Source0: http://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ -64,6 +64,9 @@ Patch17: file-5.41-python-magic-threads.patch Patch18: file-5.42-cve-strlcpy.patch # Upstream commit 141dde1fe573e6c42800d12affb94c927b44da3e Patch19: file-5.43-python.patch +# Upstream commit fa66260f9a52dba5c3a64e7d69485d24af4cd369 +# https://github.com/file/file/commit/fa66260f9a52dba5c3a64e7d69485d24af4cd369 +Patch20: file-5.48-magic-getpath-race.patch URL: https://www.darwinsys.com/file/ Requires: file-libs%{?_isa} = %{version}-%{release} @@ -243,6 +246,10 @@ cd %{py3dir} %endif %changelog +* Mon Apr 27 2026 Vincent Mihalkovic - 5.39-18 +- Fix race condition in magic_getpath() for thread safety + Resolves: RHEL-93189 + * Mon Feb 23 2026 Vincent Mihalkovic - 5.39-17 - Fix TypeError: 'NoneType' object is not callable in magic.close() Resolves: RHEL-136523