rpcb_clnt.c: Eliminate double frees in delete_cache() (RHEL-11293)
commit 1d2e10afb2ffc35cb3623f57a15f712359f18e75
Author: Herb Wartens <wartens2@llnl.gov>
Date: Tue Aug 1 10:36:16 2023 -0400
rpcb_clnt.c: Eliminate double frees in delete_cache()
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224666
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Resolves: RHEL-11293
This commit is contained in:
Steve Dickson
parent
3ed75a05d5
commit
47fe9a88d6
32
libtirpc-1.1.4-double-free.patch
Normal file
32
libtirpc-1.1.4-double-free.patch
Normal file
@ -0,0 +1,32 @@
|
||||
commit 1d2e10afb2ffc35cb3623f57a15f712359f18e75
|
||||
Author: Herb Wartens <wartens2@llnl.gov>
|
||||
Date: Tue Aug 1 10:36:16 2023 -0400
|
||||
|
||||
rpcb_clnt.c: Eliminate double frees in delete_cache()
|
||||
|
||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224666
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
|
||||
index c0a9e12..68fe69a 100644
|
||||
--- a/src/rpcb_clnt.c
|
||||
+++ b/src/rpcb_clnt.c
|
||||
@@ -262,12 +262,15 @@ delete_cache(addr)
|
||||
for (cptr = front; cptr != NULL; cptr = cptr->ac_next) {
|
||||
if (!memcmp(cptr->ac_taddr->buf, addr->buf, addr->len)) {
|
||||
/* Unlink from cache. We'll destroy it after releasing the mutex. */
|
||||
- if (cptr->ac_uaddr)
|
||||
+ if (cptr->ac_uaddr) {
|
||||
free(cptr->ac_uaddr);
|
||||
- if (prevptr)
|
||||
+ cptr->ac_uaddr = NULL;
|
||||
+ }
|
||||
+ if (prevptr) {
|
||||
prevptr->ac_next = cptr->ac_next;
|
||||
- else
|
||||
+ } else {
|
||||
front = cptr->ac_next;
|
||||
+ }
|
||||
cachesize--;
|
||||
break;
|
||||
}
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
Name: libtirpc
|
||||
Version: 1.1.4
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
Summary: Transport Independent RPC Library
|
||||
Group: System Environment/Libraries
|
||||
License: SISSL and BSD
|
||||
@ -51,6 +51,7 @@ Patch009: libtirpc-1.1.4-multithr-cleanup.patch
|
||||
# RHEL 8.10
|
||||
#
|
||||
Patch010: libtirpc-1.1.4-null-ptrs-not-reused.patch
|
||||
Patch011: libtirpc-1.1.4-double-free.patch
|
||||
|
||||
BuildRequires: automake, autoconf, libtool, pkgconfig
|
||||
BuildRequires: krb5-devel
|
||||
@ -171,6 +172,9 @@ mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
|
||||
%{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Tue Mar 5 2024 Steve Dickson <steved@redhat.com> 1.1.4-10
|
||||
- rpcb_clnt.c: Eliminate double frees in delete_cache() (RHEL-11293)
|
||||
|
||||
* Mon Mar 4 2024 Steve Dickson <steved@redhat.com> 1.1.4-9
|
||||
- Null pointers so they are not used again (RHEL-11370)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user