From 7fac07adfe59be97d667351e36cdad81142f78a4 Mon Sep 17 00:00:00 2001
From: Filip Janus
Date: Thu, 25 Jul 2024 09:59:56 +0200
Subject: [PATCH] Address SAST findings
Resolves: RHEL-43449
---
SAST.patch | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
gdbm.spec | 9 +++++++-
2 files changed, 71 insertions(+), 1 deletion(-)
create mode 100644 SAST.patch
diff --git a/SAST.patch b/SAST.patch
new file mode 100644
index 0000000..0b7da84
--- /dev/null
+++ b/SAST.patch
@@ -0,0 +1,63 @@
+diff -ur -x 'cscope.*' -x '*.swp' gdbm-1.23/src/recover.c gdbm_patched/src/recover.c
+--- gdbm-1.23/src/recover.c 2022-01-06 13:36:37.000000000 +0100
++++ gdbm_patched/src/recover.c 2024-07-22 13:27:36.000000000 +0200
+@@ -143,13 +143,19 @@
+ /* Fix up DBF to have the correct information for the new file. */
+ if (dbf->file_locking)
+ _gdbm_unlock_file (dbf);
+- close (dbf->desc);
+- free (dbf->header);
+- free (dbf->dir);
+
+ _gdbm_cache_flush (dbf);
+ _gdbm_cache_free (dbf);
+
++// SAST patch
++// in the worst case _gdbm_cache_flush would return -1
++// but the return value is ignored, so there should not be any change in the
++// behavior or semantic of the function
++
++ close (dbf->desc);
++ free (dbf->header);
++ free (dbf->dir);
++
+ dbf->lock_type = new_dbf->lock_type;
+ dbf->desc = new_dbf->desc;
+ dbf->header = new_dbf->header;
+diff -ur -x 'cscope.*' -x '*.swp' gdbm-1.23/tools/gdbmshell.c gdbm_patched/tools/gdbmshell.c
+--- gdbm-1.23/tools/gdbmshell.c 2022-01-09 21:29:55.000000000 +0100
++++ gdbm_patched/tools/gdbmshell.c 2024-07-22 13:51:23.000000000 +0200
+@@ -1197,6 +1197,10 @@
+ else
+ /* TRANSLATORS: Stands for "Not Available". */
+ fprintf (fp, " %s", _("N/A"));
++
++ // SAST patch
++ // database file dbf has never been closed
++ gdbm_close(dbf);
+ }
+ else if (gdbm_check_syserr (gdbm_errno))
+ {
+@@ -1312,8 +1316,22 @@
+ else
+ {
+ terror (_("unexpected error code: %d"), rc);
++ // SAST patch
++ // sa and sb variable are not properly deallocated
++ // since tildexpand function and it's underlying functions calls
++ // ealloc leading to exit after unsuccessful malloc, then it not
++ // necessary to control sa and sb for NULL
++ free (sa);
++ free (sb);
+ return GDBMSHELL_ERR;
+ }
++ // SAST patch
++ // sa and sb variable are not properly deallocated
++ // since tildexpand function and it's underlying functions calls
++ // ealloc leading to exit after unsuccessful malloc, then it not
++ // necessary to control sa and sb for NULL
++ free (sa);
++ free (sb);
+ return GDBMSHELL_OK;
+ }
+
diff --git a/gdbm.spec b/gdbm.spec
index d7d21ad..54c5595 100644
--- a/gdbm.spec
+++ b/gdbm.spec
@@ -3,13 +3,15 @@ Summary: A GNU set of database routines which use extensible hashing Name: gdbm Version: 1.23 -Release: 7%{?dist} +Release: 8%{?dist} Epoch: 1 License: GPL-3.0-or-later URL: http://www.gnu.org/software/gdbm/ Source: http://ftp.gnu.org/gnu/gdbm/gdbm-%{version}.tar.gz +Patch0: SAST.patch + BuildRequires: gcc BuildRequires: libtool BuildRequires: gettext
@@ -57,6 +59,8 @@ gdbm database library. You'll also need to install the gdbm package. %prep %setup -q +%patch -P0 -p1 + %build %configure \ --disable-static \
@@ -112,6 +116,9 @@ make check %{_mandir}/man3/* %changelog +* Thu Jul 25 2024 Filip Janus - 1:1.23-8 +- Address issues from static analysis + * Mon Jun 24 2024 Troy Dawson - 1:1.23-7 - Bump release for June 2024 mass rebuild
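Review bot: In the recover.c hunk the reordering stops at `close`/`free`: `_gdbm_unlock_file (dbf)` still runs before `_gdbm_cache_flush (dbf)`, so any write the flush makes through `dbf->desc` happens after the file lock has been released. If the flush does write dirty buckets (its body is not visible here), the unlock belongs after `_gdbm_cache_free (dbf);` and directly before `close (dbf->desc);`, i.e. move `if (dbf->file_locking) _gdbm_unlock_file (dbf);` down to that point. The `// SAST patch` comments record where the change came from rather than the invariant; a comment such as `/* Flush and release the cache while dbf->desc, dbf->header and dbf->dir are still valid. */` would tell the next reader why the order matters. The same applies to the two identical comment-plus-`free (sa); free (sb);` blocks in the `@@ -1312,8 +1316,22 @@` hunk of gdbmshell.c, which could share a single exit path. The enclosing functions begin and end outside these hunks.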