Fix small security issues

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
This commit is contained in:
Igor Gnatenko 2019-01-12 10:18:41 +01:00
parent 849ea55b06
commit a8624a983d
No known key found for this signature in database
GPG Key ID: 695714BD1BBC5F4C
4 changed files with 104 additions and 1 deletions

View File

@ -0,0 +1,25 @@
From c5883b20b7b021ee94111cb72777ab3ba3f50950 Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Fri, 7 Dec 2018 07:05:10 +0100
Subject: [PATCH] Fix: Dereference of null pointer
---
ext/repo_repomdxml.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/repo_repomdxml.c b/ext/repo_repomdxml.c
index fd46272b..46d83615 100644
--- a/ext/repo_repomdxml.c
+++ b/ext/repo_repomdxml.c
@@ -181,7 +181,7 @@ startElement(struct solv_xmlparser *xmlp, int state, const char *name, const cha
while (value)
{
char *p = strchr(value, ',');
- if (*p)
+ if (p)
*p++ = 0;
if (*value)
repodata_add_poolstr_array(pd->data, SOLVID_META, REPOSITORY_UPDATES, value);
--
2.20.1

View File

@ -0,0 +1,32 @@
From 95c3d1b3aad7a003d129b957cf449d11edaca67b Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Tue, 11 Dec 2018 10:22:09 +0100
Subject: [PATCH] Fix: testsolv segfault
ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fab0e11bf2b bp 0x7ffdfc044b70 sp 0x7ffdfc044a90 T0)
0 0x7fab0e11bf2a in testcase_str2dep_complex /home/company/real_sanitize/libsolv-master/ext/testcase.c:577
1 0x7fab0e11c80f in testcase_str2dep /home/company/real_sanitize/libsolv-master/ext/testcase.c:656
2 0x7fab0e12e64a in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2952
3 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148
4 0x7fab0d9d2a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
5 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8)
---
ext/testcase.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ext/testcase.c b/ext/testcase.c
index 33998d47..fe2636cb 100644
--- a/ext/testcase.c
+++ b/ext/testcase.c
@@ -576,6 +576,8 @@ testcase_str2dep_complex(Pool *pool, const char **sp, int relop)
Id flags, id, id2, namespaceid = 0;
struct oplist *op;
+ if (!s)
+ return 0;
while (*s == ' ' || *s == '\t')
s++;
if (!strncmp(s, "namespace:", 10))
--
2.20.1

View File

@ -0,0 +1,38 @@
From 6de825c4d27022e48570824f0be77132c5b6d45a Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Tue, 11 Dec 2018 10:27:15 +0100
Subject: [PATCH] Fix: testsolv segfaults
ERROR: AddressSanitizer: SEGV on unknown address 0x0000000002f0 (pc 0x7f31501d3bd2 bp 0x7ffcfe4d4a50 sp 0x7ffcfe4d4a30 T0)
0 0x7f31501d3bd1 in pool_whatprovides /home/company/real_sanitize/libsolv-master/src/pool.h:331
1 0x7f31501d895e in testcase_str2solvid /home/company/real_sanitize/libsolv-master/ext/testcase.c:793
2 0x7f31501e8388 in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2807
3 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148
4 0x7f314fa8da3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
5 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8)
ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f5af9e7815f bp 0x7ffc4c843a40 sp 0x7ffc4c8436c0 T0)
0 0x7f5af9e7815e in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2799
1 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148
2 0x7f5af971da3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
3 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8)
---
ext/testcase.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/testcase.c b/ext/testcase.c
index fe2636cb..c8dd14ee 100644
--- a/ext/testcase.c
+++ b/ext/testcase.c
@@ -2795,7 +2795,7 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
{
int i = strlen(pieces[1]);
s = strchr(pieces[1], '(');
- if (!s && pieces[1][i - 1] != ')')
+ if (!s || pieces[1][i - 1] != ')')
{
pool_error(pool, 0, "testcase_read: bad namespace '%s'", pieces[1]);
}
--
2.20.1

View File

@ -40,12 +40,17 @@
Name: lib%{libname}
Version: 0.7.2
Release: 1%{?dist}
Release: 2%{?dist}.test
Summary: Package dependency solver
License: BSD
URL: https://github.com/openSUSE/libsolv
Source: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
Patch0001: 0001-Fix-Dereference-of-null-pointer.patch
Patch0002: 0001-Fix-testsolv-segfault.patch
Patch0003: 0001-Fix-testsolv-segfaults.patch
Patch666: test.diff
BuildRequires: cmake
BuildRequires: gcc-c++
@ -288,6 +293,9 @@ Python 3 version.
%endif
%changelog
* Sat Jan 12 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.7.2-2
- Fix small security issues
* Mon Dec 10 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.7.2-1
- Update to 0.7.2