Fix memory leaks in parse_entitlement_data()

Resolves: RHEL-25499
2024-04-10 13:03:44 +02:00 · 2024-04-10 13:03:44 +02:00 · bf2220747d
commit bf2220747d
parent 8467e68dd9
2 changed files with 42 additions and 1 deletions
--- a/0006-Refactor-parse_entitlement_data.patch
+++ b/0006-Refactor-parse_entitlement_data.patch
@ -0,0 +1,37 @@
+From 5e0674cf389f14174208641ec411ba7be448d5e3 Mon Sep 17 00:00:00 2001
+From: Marek Blaha <mblaha@redhat.com>
+Date: Fri, 18 Jun 2021 07:48:16 +0200
+Subject: [PATCH] Refactor parse_entitlement_data()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This change is meant to silence alerts from static code analysis. It
+also makes the *ent variable freeing slightly more clear.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ rhsm/rhsm-entitlement-certificate.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rhsm/rhsm-entitlement-certificate.c b/rhsm/rhsm-entitlement-certificate.c
+index 5d37732..aa4dd7e 100644
+--- a/rhsm/rhsm-entitlement-certificate.c
+++ b/rhsm/rhsm-entitlement-certificate.c
+@@ -140,11 +140,11 @@ parse_entitlement_data (const gchar  *data,
+     }
+ 
+   gsize hlen = strlen (ENTITLEMENT_DATA_HEADER);
+-  gchar *ent = g_strndup (start + hlen, end - start - hlen);
+  g_autofree gchar *ent = g_strndup (start + hlen, end - start - hlen);
+ 
+   gsize zlen = 0;
+   guchar *zdata = g_base64_decode_inplace (ent, &zlen);
+-  g_autoptr(GInputStream) zstream = g_memory_input_stream_new_from_data (zdata, zlen, g_free);
+  g_autoptr(GInputStream) zstream = g_memory_input_stream_new_from_data (zdata, zlen, NULL);
+   g_autoptr(GZlibDecompressor) decompressor = g_zlib_decompressor_new (G_ZLIB_COMPRESSOR_FORMAT_ZLIB);
+   g_autoptr(GInputStream) cstream = g_converter_input_stream_new (zstream, G_CONVERTER (decompressor));
+   g_autoptr(JsonParser) parser = json_parser_new_immutable ();
+-- 
+2.44.0
+
--- a/librhsm.spec
+++ b/librhsm.spec
@ -1,6 +1,6 @@
 Name:           librhsm
 Version:        0.0.3
-Release:        8%{?dist}
+Release:        9%{?dist}
 Summary:        Red Hat Subscription Manager library

 License:        LGPLv2+
@ -13,6 +13,7 @@ Patch0002:      0002-Generate-repofile-for-any-architecture-if-ALL-is-spe.patch
 Patch0003:      0003-Enable-repos-when-generating-a-.repo-file-based-on-e.patch
 Patch0004:      0004-Append-ctx_baseurl-prefix-to-gpg_url-RhBug-1708628.patch
 Patch0005:      0005-Fix-relocating-certificate-paths-to-etc-rhsm-host.patch
+Patch0006:      0006-Refactor-parse_entitlement_data.patch

 BuildRequires:  meson >= 0.37.0
 BuildRequires:  gcc
@ -53,6 +54,9 @@ Requires:       %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
 %{_libdir}/pkgconfig/%{name}.pc

 %changelog
+* Wed Apr 10 2024 Petr Pisar <ppisar@redhat.com> - 0.0.3-9
+- Fix memory leaks in parse_entitlement_data() (RHEL-25499)
+
 * Tue Nov 21 2023 Petr Pisar <ppisar@redhat.com> - 0.0.3-8
 - Correct a License tag to LGPLv2+ (RHEL-16103)
 - Fix relocating certificate paths to /etc/rhsm-host (RHEL-14224)