Fix memory leaks in parse_entitlement_data()

Resolves: RHEL-25499
2024-04-10 13:03:44 +02:00 · 2024-04-10 13:03:44 +02:00 · bf2220747d
commit bf2220747d
parent 8467e68dd9
2 changed files with 42 additions and 1 deletions
--- a/0006-Refactor-parse_entitlement_data.patch
+++ b/0006-Refactor-parse_entitlement_data.patch
@ -0,0 +1,37 @@
 From 5e0674cf389f14174208641ec411ba7be448d5e3 Mon Sep 17 00:00:00 2001
 From: Marek Blaha <mblaha@redhat.com>
 Date: Fri, 18 Jun 2021 07:48:16 +0200
 Subject: [PATCH] Refactor parse_entitlement_data()
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 This change is meant to silence alerts from static code analysis. It
 also makes the *ent variable freeing slightly more clear.
 Signed-off-by: Petr Písař <ppisar@redhat.com>
 ---
 rhsm/rhsm-entitlement-certificate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/rhsm/rhsm-entitlement-certificate.c b/rhsm/rhsm-entitlement-certificate.c
 index 5d37732..aa4dd7e 100644
 --- a/rhsm/rhsm-entitlement-certificate.c
 +++ b/rhsm/rhsm-entitlement-certificate.c
@@ -140,11 +140,11 @@ parse_entitlement_data (const gchar  *data,
     }
   gsize hlen = strlen (ENTITLEMENT_DATA_HEADER);
 -  gchar *ent = g_strndup (start + hlen, end - start - hlen);
 +  g_autofree gchar *ent = g_strndup (start + hlen, end - start - hlen);
   gsize zlen = 0;
   guchar *zdata = g_base64_decode_inplace (ent, &zlen);
 -  g_autoptr(GInputStream) zstream = g_memory_input_stream_new_from_data (zdata, zlen, g_free);
 +  g_autoptr(GInputStream) zstream = g_memory_input_stream_new_from_data (zdata, zlen, NULL);
   g_autoptr(GZlibDecompressor) decompressor = g_zlib_decompressor_new (G_ZLIB_COMPRESSOR_FORMAT_ZLIB);
   g_autoptr(GInputStream) cstream = g_converter_input_stream_new (zstream, G_CONVERTER (decompressor));
   g_autoptr(JsonParser) parser = json_parser_new_immutable ();
 -- 
 2.44.0
--- a/librhsm.spec
+++ b/librhsm.spec
@ -1,6 +1,6 @@
 Name:           librhsm
 Version:        0.0.3
-Release:        8%{?dist}
+Release:        9%{?dist}
 Summary:        Red Hat Subscription Manager library
 License:        LGPLv2+
@ -13,6 +13,7 @@ Patch0002:      0002-Generate-repofile-for-any-architecture-if-ALL-is-spe.patch
 Patch0003:      0003-Enable-repos-when-generating-a-.repo-file-based-on-e.patch
 Patch0004:      0004-Append-ctx_baseurl-prefix-to-gpg_url-RhBug-1708628.patch
 Patch0005:      0005-Fix-relocating-certificate-paths-to-etc-rhsm-host.patch
 Patch0006:      0006-Refactor-parse_entitlement_data.patch
 BuildRequires:  meson >= 0.37.0
 BuildRequires:  gcc
@ -53,6 +54,9 @@ Requires:       %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
 %{_libdir}/pkgconfig/%{name}.pc
 %changelog
 * Wed Apr 10 2024 Petr Pisar <ppisar@redhat.com> - 0.0.3-9
 - Fix memory leaks in parse_entitlement_data() (RHEL-25499)
 * Tue Nov 21 2023 Petr Pisar <ppisar@redhat.com> - 0.0.3-8
 - Correct a License tag to LGPLv2+ (RHEL-16103)
 - Fix relocating certificate paths to /etc/rhsm-host (RHEL-14224)