rpms/libuser
6
0
Fork 0
Code Issues Pull Requests Releases Activity

fix findings from static application security testing (#RHEL-35578)

Browse Source 
translation update (#RHEL-12111)
Resolves: #RHEL-35578
This commit is contained in:
Michal Hlavinka 2024-07-23 21:05:37 +02:00
parent ff77ebb0f4
commit 177685d091
2 changed files with 55 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
0010-resource-leak.patch Normal file
View File

@ -0,0 +1,39 @@
diff -up libuser-0.62/lib/user.c.orig libuser-0.62/lib/user.c
--- libuser-0.62/lib/user.c.orig 2024-05-07 17:03:45.220514343 +0200
+++ libuser-0.62/lib/user.c 2024-05-07 17:05:17.855649386 +0200
@@ -986,7 +986,10 @@ lu_dispatch(struct lu_context *context,
case user_default:
case group_default:
/* Make sure we have both name and boolean here. */
- g_return_val_if_fail(sdata != NULL, FALSE);
+ if (sdata == NULL) {
+ free(tmp);
+ return FALSE;
+ }
/* Run the checks and preps. */
if (run_list(context, context->create_module_names,
logic_and, id,
@@ -1065,7 +1068,10 @@ lu_dispatch(struct lu_context *context,
case user_setpass:
case group_setpass:
/* Make sure we have a valid password. */
- g_return_val_if_fail(sdata != NULL, FALSE);
+ if (sdata == NULL) {
+ free(tmp);
+ return FALSE;
+ }
/* no break: fall through */
case user_removepass:
case group_removepass:
@@ -1094,7 +1100,10 @@ lu_dispatch(struct lu_context *context,
case users_enumerate_by_group:
case groups_enumerate_by_user:
/* Make sure we have both name and ID here. */
- g_return_val_if_fail(sdata != NULL, FALSE);
+ if (sdata == NULL) {
+ free(tmp);
+ return FALSE;
+ }
if (id == users_enumerate_by_group)
ldata = convert_group_name_to_id(context, sdata,
error);

26
libuser.spec
View File

@ -1,6 +1,6 @@
Name: libuser Name: libuser
Version: 0.62 Version: 0.62
Release: 25%{?dist} Release: 26%{?dist}
Group: System Environment/Base Group: System Environment/Base
License: LGPLv2+ License: LGPLv2+
URL: https://pagure.io/libuser URL: https://pagure.io/libuser
@ -42,6 +42,7 @@ Patch6: 0006-merge_ent_array_duplicates-Only-use-values-if-valid.patch
Patch7: 0007-editing_open-close-fd-after-we-ve-established-its-va.patch Patch7: 0007-editing_open-close-fd-after-we-ve-established-its-va.patch
Patch8: 0008-lgroupmod-Emit-AUDIT_GRP_CHAUTHTOK-not-AUDIT_GRP_MGM.patch Patch8: 0008-lgroupmod-Emit-AUDIT_GRP_CHAUTHTOK-not-AUDIT_GRP_MGM.patch
Patch9: 0009-man-typo.patch Patch9: 0009-man-typo.patch
Patch10: 0010-resource-leak.patch
%description %description
The libuser library implements a standardized interface for manipulating The libuser library implements a standardized interface for manipulating
@ -77,15 +78,16 @@ administering user and group accounts.
%prep %prep
%setup -q -n libuser-%{version} %setup -q -n libuser-%{version}
%patch1 -p1 %patch -P 1 -p1
%patch2 -p1 %patch -P 2 -p1
%patch3 -p1 %patch -P 3 -p1
%patch4 -p1 %patch -P 4 -p1
%patch5 -p1 %patch -P 5 -p1
%patch6 -p1 %patch -P 6 -p1
%patch7 -p1 %patch -P 7 -p1
%patch8 -p1 %patch -P 8 -p1
%patch9 -p1 %patch -P 9 -p1
%patch -P 10 -p1
cp %{SOURCE1} po/ja.po cp %{SOURCE1} po/ja.po
cp %{SOURCE2} po/zh-Hans.po cp %{SOURCE2} po/zh-Hans.po
cp %{SOURCE3} po/zh-Hant.po cp %{SOURCE3} po/zh-Hant.po
@ -168,6 +170,10 @@ LC_ALL=C.UTF-8 python3 -c "import libuser"
%{_datadir}/gtk-doc/html/* %{_datadir}/gtk-doc/html/*
%changelog %changelog
* Tue Jul 23 2024 Michal Hlavinka <mhlavink@redhat.com> - 0.62-26
- fix findings from static application security testing (#RHEL-35578)
- translation update (#RHEL-12111)
* Tue Nov 29 2022 Tomas Halman <thalman@redhat.com> - 0.62-25 * Tue Nov 29 2022 Tomas Halman <thalman@redhat.com> - 0.62-25
- Man-page update - Man-page update
- Resolves: rhbz#2070941 - small typo in lchage man page - Resolves: rhbz#2070941 - small typo in lchage man page