From bf2220747d150d79be10852ee5e990f99d7f2a77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
Date: Wed, 10 Apr 2024 13:03:44 +0200
Subject: [PATCH] Fix memory leaks in parse_entitlement_data()
Resolves: RHEL-25499
---
0006-Refactor-parse_entitlement_data.patch | 37 ++++++++++++++++++++++
librhsm.spec | 6 +++-
2 files changed, 42 insertions(+), 1 deletion(-)
create mode 100644 0006-Refactor-parse_entitlement_data.patch
diff --git a/0006-Refactor-parse_entitlement_data.patch b/0006-Refactor-parse_entitlement_data.patch
new file mode 100644
index 0000000..1babc6d
--- /dev/null
+++ b/0006-Refactor-parse_entitlement_data.patch
@@ -0,0 +1,37 @@
+From 5e0674cf389f14174208641ec411ba7be448d5e3 Mon Sep 17 00:00:00 2001
+From: Marek Blaha
+Date: Fri, 18 Jun 2021 07:48:16 +0200
+Subject: [PATCH] Refactor parse_entitlement_data()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This change is meant to silence alerts from static code analysis. It
+also makes the *ent variable freeing slightly more clear.
+
+Signed-off-by: Petr Písař
+---
+ rhsm/rhsm-entitlement-certificate.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rhsm/rhsm-entitlement-certificate.c b/rhsm/rhsm-entitlement-certificate.c
+index 5d37732..aa4dd7e 100644
+--- a/rhsm/rhsm-entitlement-certificate.c
++++ b/rhsm/rhsm-entitlement-certificate.c
+@@ -140,11 +140,11 @@ parse_entitlement_data (const gchar *data,
+ }
+
+ gsize hlen = strlen (ENTITLEMENT_DATA_HEADER);
+- gchar *ent = g_strndup (start + hlen, end - start - hlen);
++ g_autofree gchar *ent = g_strndup (start + hlen, end - start - hlen);
+
+ gsize zlen = 0;
+ guchar *zdata = g_base64_decode_inplace (ent, &zlen);
+- g_autoptr(GInputStream) zstream = g_memory_input_stream_new_from_data (zdata, zlen, g_free);
++ g_autoptr(GInputStream) zstream = g_memory_input_stream_new_from_data (zdata, zlen, NULL);
+ g_autoptr(GZlibDecompressor) decompressor = g_zlib_decompressor_new (G_ZLIB_COMPRESSOR_FORMAT_ZLIB);
+ g_autoptr(GInputStream) cstream = g_converter_input_stream_new (zstream, G_CONVERTER (decompressor));
+ g_autoptr(JsonParser) parser = json_parser_new_immutable ();
+--
+2.44.0
+
diff --git a/librhsm.spec b/librhsm.spec
index f67d410..9446ea8 100644
--- a/librhsm.spec
+++ b/librhsm.spec
@@ -1,6 +1,6 @@ Name: librhsm Version: 0.0.3 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Red Hat Subscription Manager library License: LGPLv2+
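Review bot: With the destroy notify changed to `NULL` on the `zstream` line of the embedded 0006 patch, the memory stream only borrows the decoded buffer, and nothing in the hunk records that `zdata` is the same allocation as `ent` (the decode is in place) and is now released by `g_autofree` at scope exit. That is safe only while `ent` stays declared before `zstream` and `cstream`, so the streams are cleaned up first, and while no reference to either stream outlives the function; a later edit that stores or returns `cstream` would read freed memory. I would add a comment above the `zstream` declaration such as `/* zdata aliases ent (decoded in place); ent is g_autofree'd after the streams are released, so no stream reference may escape this function */`. The rest of parse_entitlement_data() lies outside the hunk, so whether a stream reference escapes there cannot be confirmed from this page.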
@@ -13,6 +13,7 @@ Patch0002: 0002-Generate-repofile-for-any-architecture-if-ALL-is-spe.patch Patch0003: 0003-Enable-repos-when-generating-a-.repo-file-based-on-e.patch Patch0004: 0004-Append-ctx_baseurl-prefix-to-gpg_url-RhBug-1708628.patch Patch0005: 0005-Fix-relocating-certificate-paths-to-etc-rhsm-host.patch +Patch0006: 0006-Refactor-parse_entitlement_data.patch BuildRequires: meson >= 0.37.0 BuildRequires: gcc @@ -53,6 +54,9 @@ Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} %{_libdir}/pkgconfig/%{name}.pc %changelog +* Wed Apr 10 2024 Petr Pisar - 0.0.3-9 +- Fix memory leaks in parse_entitlement_data() (RHEL-25499) + * Tue Nov 21 2023 Petr Pisar - 0.0.3-8 - Correct a License tag to LGPLv2+ (RHEL-16103) - Fix relocating certificate paths to /etc/rhsm-host (RHEL-14224)