rpms/gdbm
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Address SAST findings

Browse Source 
Resolves: RHEL-43449
This commit is contained in:
Filip Janus 2024-07-25 09:59:56 +02:00
parent aefa8eb72a
commit 7fac07adfe
2 changed files with 71 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
SAST.patch Normal file
View File

@ -0,0 +1,63 @@
diff -ur -x 'cscope.*' -x '*.swp' gdbm-1.23/src/recover.c gdbm_patched/src/recover.c
--- gdbm-1.23/src/recover.c 2022-01-06 13:36:37.000000000 +0100
+++ gdbm_patched/src/recover.c 2024-07-22 13:27:36.000000000 +0200
@@ -143,13 +143,19 @@
/* Fix up DBF to have the correct information for the new file. */
if (dbf->file_locking)
_gdbm_unlock_file (dbf);
- close (dbf->desc);
- free (dbf->header);
- free (dbf->dir);
_gdbm_cache_flush (dbf);
_gdbm_cache_free (dbf);
+// SAST patch
+// in the worst case _gdbm_cache_flush would return -1
+// but the return value is ignored, so there should not be any change in the
+// behavior or semantic of the function
+
+ close (dbf->desc);
+ free (dbf->header);
+ free (dbf->dir);
+
dbf->lock_type = new_dbf->lock_type;
dbf->desc = new_dbf->desc;
dbf->header = new_dbf->header;
diff -ur -x 'cscope.*' -x '*.swp' gdbm-1.23/tools/gdbmshell.c gdbm_patched/tools/gdbmshell.c
--- gdbm-1.23/tools/gdbmshell.c 2022-01-09 21:29:55.000000000 +0100
+++ gdbm_patched/tools/gdbmshell.c 2024-07-22 13:51:23.000000000 +0200
@@ -1197,6 +1197,10 @@
else
/* TRANSLATORS: Stands for "Not Available". */
fprintf (fp, " %s", _("N/A"));
+
+ // SAST patch
+ // database file dbf has never been closed
+ gdbm_close(dbf);
}
else if (gdbm_check_syserr (gdbm_errno))
{
@@ -1312,8 +1316,22 @@
else
{
terror (_("unexpected error code: %d"), rc);
+ // SAST patch
+ // sa and sb variable are not properly deallocated
+ // since tildexpand function and it's underlying functions calls
+ // ealloc leading to exit after unsuccessful malloc, then it not
+ // necessary to control sa and sb for NULL
+ free (sa);
+ free (sb);
return GDBMSHELL_ERR;
}
+ // SAST patch
+ // sa and sb variable are not properly deallocated
+ // since tildexpand function and it's underlying functions calls
+ // ealloc leading to exit after unsuccessful malloc, then it not
+ // necessary to control sa and sb for NULL
+ free (sa);
+ free (sb);
return GDBMSHELL_OK;
}

9
gdbm.spec
View File

@ -3,13 +3,15 @@
Summary: A GNU set of database routines which use extensible hashing Summary: A GNU set of database routines which use extensible hashing
Name: gdbm Name: gdbm
Version: 1.23 Version: 1.23
Release: 7%{?dist} Release: 8%{?dist}
Epoch: 1 Epoch: 1
License: GPL-3.0-or-later License: GPL-3.0-or-later
URL: http://www.gnu.org/software/gdbm/ URL: http://www.gnu.org/software/gdbm/
Source: http://ftp.gnu.org/gnu/gdbm/gdbm-%{version}.tar.gz Source: http://ftp.gnu.org/gnu/gdbm/gdbm-%{version}.tar.gz
Patch0: SAST.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: libtool BuildRequires: libtool
BuildRequires: gettext BuildRequires: gettext
@ -57,6 +59,8 @@ gdbm database library. You'll also need to install the gdbm package.
%prep %prep
%setup -q %setup -q
%patch -P0 -p1
%build %build
%configure \ %configure \
--disable-static \ --disable-static \
@ -112,6 +116,9 @@ make check
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Thu Jul 25 2024 Filip Janus <fjanus@redhat.com> - 1:1.23-8
- Address issues from static analysis
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1:1.23-7 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1:1.23-7
- Bump release for June 2024 mass rebuild - Bump release for June 2024 mass rebuild