rpms/nano
5
0
Fork 0
Code Issues Pull Requests Releases Activity

avoid a leak when linter aborts after producing parsable output

Browse Source 
Resolves: RHEL-51175
This commit is contained in:
Lukáš Zaoral 2024-12-11 10:32:29 +01:00
parent 96f18ad9fa
commit 683c7a8e47
No known key found for this signature in database
GPG Key ID: 39157506DD67752D
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
nano-5.6.1-fix-leak-after-linter-failure.patch Normal file
View File

@ -0,0 +1,35 @@
From 7fd38e88c12133859f48ca3191fe341795401982 Mon Sep 17 00:00:00 2001
From: Lukáš Zaoral <lzaoral@redhat.com>
Date: Tue, 10 Dec 2024 10:01:07 +0100
Subject: memory: avoid a leak when linter aborts after producing parsable
output
Any collected messages should be freed also after an
abnormal exit of the linter.
Buglet existed since version 2.4.1, commit f225991b.
---
src/text.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/text.c b/src/text.c
index e924e818..5ac9d4ca 100644
--- a/src/text.c
+++ b/src/text.c
@@ -2755,6 +2755,13 @@ void do_linter(void)
if (!WIFEXITED(lint_status) || WEXITSTATUS(lint_status) > 2) {
statusline(ALERT, _("Error invoking '%s'"), openfile->syntax->linter);
+ for (curlint = lints; curlint != NULL;) {
+ tmplint = curlint;
+ curlint = curlint->next;
+ free(tmplint->msg);
+ free(tmplint->filename);
+ free(tmplint);
+ }
return;
}
--
cgit v1.2.3-70-g09d2

7
nano.spec
View File

@ -8,7 +8,7 @@
Summary: A small text editor
Name: nano
Version: 5.6.1
Release: 6%{?dist}
Release: 7%{?dist}
License: GPLv3+
URL: https://www.nano-editor.org
Source: https://www.nano-editor.org/dist/latest/%{name}-%{version}.tar.xz
@ -21,6 +21,8 @@ Source13: nano-default-editor.fish
# fix emergency file replacement vulnerability (CVE-2024-5742)
Patch0: nano-5.6.1-emergency-file-replace-vuln.patch
# avoid a leak when linter aborts after producing parsable output (RHEL-51175)
Patch1: nano-5.6.1-fix-leak-after-linter-failure.patch
BuildRequires: file-devel
BuildRequires: gettext-devel
@ -112,6 +114,9 @@ install -Dpm 0644 %{SOURCE13} %{buildroot}%{_datadir}/fish/vendor_conf.d/%{basen
%changelog
* Wed Dec 11 2024 Lukáš Zaoral <lzaoral@redhat.com> - 5.6.1-7
- avoid a leak when linter aborts after producing parsable output (RHEL-51175)
* Mon Jul 01 2024 Lukáš Zaoral <lzaoral@redhat.com> - 5.6.1-6
- fix emergency file replacement vulnerability (RHEL-35237)