rpms/freeglut
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2024-24258 and CVE-2024-24259

Browse Source 
Resolves: https://issues.redhat.com/browse/RHEL-25175
Resolves: https://issues.redhat.com/browse/RHEL-25177
This commit is contained in:
José Expósito 2024-02-16 10:34:20 +01:00
parent a4844a53db
commit a7210701c2
2 changed files with 60 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
0001-Plug-memory-leak-that-happens-upon-error.patch Normal file
View File

@ -0,0 +1,52 @@
From e9caa2e14eda732d718691a6c4e61d2623adc068 Mon Sep 17 00:00:00 2001
From: Sebastian Rasmussen <sebras@gmail.com>
Date: Mon, 12 Feb 2024 14:46:22 +0800
Subject: [PATCH] Plug memory leak that happens upon error.
If fgStructure.CurrentMenu is set when glutAddMenuEntry() or
glutAddSubMenu() is called the allocated menuEntry variable will
leak. This commit postpones allocating menuEntry until after the
error checks, thereby plugging the memory leak.
This fixes CVE-2024-24258 and CVE-2024-24259.
---
src/fg_menu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/fg_menu.c b/src/fg_menu.c
index 36b24ce6..da7d9010 100644
--- a/src/fg_menu.c
+++ b/src/fg_menu.c
@@ -843,12 +843,12 @@ void FGAPIENTRY glutAddMenuEntry( const char* label, int value )
{
SFG_MenuEntry* menuEntry;
FREEGLUT_EXIT_IF_NOT_INITIALISED ( "glutAddMenuEntry" );
- menuEntry = (SFG_MenuEntry *)calloc( sizeof(SFG_MenuEntry), 1 );
freeglut_return_if_fail( fgStructure.CurrentMenu );
if (fgState.ActiveMenus)
fgError("Menu manipulation not allowed while menus in use.");
+ menuEntry = (SFG_MenuEntry *)calloc( sizeof(SFG_MenuEntry), 1 );
menuEntry->Text = strdup( label );
menuEntry->ID = value;
@@ -867,7 +867,6 @@ void FGAPIENTRY glutAddSubMenu( const char *label, int subMenuID )
SFG_Menu *subMenu;
FREEGLUT_EXIT_IF_NOT_INITIALISED ( "glutAddSubMenu" );
- menuEntry = ( SFG_MenuEntry * )calloc( sizeof( SFG_MenuEntry ), 1 );
subMenu = fgMenuByID( subMenuID );
freeglut_return_if_fail( fgStructure.CurrentMenu );
@@ -876,6 +875,7 @@ void FGAPIENTRY glutAddSubMenu( const char *label, int subMenuID )
freeglut_return_if_fail( subMenu );
+ menuEntry = ( SFG_MenuEntry * )calloc( sizeof( SFG_MenuEntry ), 1 );
menuEntry->Text = strdup( label );
menuEntry->SubMenu = subMenu;
menuEntry->ID = -1;
--
2.43.1

9
freeglut.spec
View File

@ -1,11 +1,12 @@
Summary: A freely licensed alternative to the GLUT library
Name: freeglut
Version: 3.0.0
Release: 8%{?dist}
Release: 9%{?dist}
URL: http://freeglut.sourceforge.net
Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
# For the manpages
Source1: https://downloads.sourceforge.net/openglut/openglut-0.6.3-doc.tar.gz
Patch0: 0001-Plug-memory-leak-that-happens-upon-error.patch
License: MIT
Group: System Environment/Libraries
@ -49,6 +50,7 @@ license.
%prep
%setup -q -a 1
%patch -P 0 -p1
%build
%{cmake} -DFREEGLUT_BUILD_STATIC_LIBS=OFF .
@ -81,6 +83,11 @@ install -p -m 644 doc/man/*.3 $RPM_BUILD_ROOT/%{_mandir}/man3
%changelog
* Thu Feb 15 2024 José Expósito <jexposit@redhat.com> - 3.0.0-9
- Fix CVE-2024-24258 and CVE-2024-24259
Resolves: https://issues.redhat.com/browse/RHEL-25175
Resolves: https://issues.redhat.com/browse/RHEL-25177
* Tue May 01 2018 Adam Jackson <ajax@redhat.com> - 3.0.0-8
- HTTPS URLs
- Pin soname to libglut.so.3 in the %%files glob