Backport memory leak fixes from upstream

2018-11-28 09:21:44 +01:00 · 2018-11-28 09:21:44 +01:00 · e06ca157cf
commit e06ca157cf
parent d64ff7d777
2 changed files with 62 additions and 1 deletions
--- a/net-snmp-5.8-key-leak-backport.patch
+++ b/net-snmp-5.8-key-leak-backport.patch
@ -0,0 +1,56 @@
+diff -urNp a/snmplib/keytools.c b/snmplib/keytools.c
+--- a/snmplib/keytools.c	2018-11-27 15:04:59.931217024 +0100
+++ b/snmplib/keytools.c	2018-11-27 15:07:50.765672477 +0100
+@@ -187,25 +187,25 @@ generate_Ku(const oid * hashtype, u_int
+ #else
+     ctx = malloc(sizeof(*ctx));
+     if (!EVP_MD_CTX_init(ctx))
+-        return SNMPERR_GENERR;
+        QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+ #endif
+     if (!EVP_DigestInit(ctx, hashfn))
+-        return SNMPERR_GENERR;
+        QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+ 
+ #elif NETSNMP_USE_INTERNAL_CRYPTO
+ #ifndef NETSNMP_DISABLE_MD5
+     if (NETSNMP_USMAUTH_HMACMD5 == auth_type) {
+         if (!MD5_Init(&cmd5))
+-            return SNMPERR_GENERR;
+            QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+         cryptotype = TYPE_MD5;
+     } else
+ #endif
+            if (NETSNMP_USMAUTH_HMACSHA1 == auth_type) {
+         if (!SHA1_Init(&csha1))
+-            return SNMPERR_GENERR;
+            QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+         cryptotype = TYPE_SHA1;
+     } else {
+-        return (SNMPERR_GENERR);
+        QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+     }
+ #else
+     MDbegin(&MD);
+diff -urNp a/snmplib/scapi.c b/snmplib/scapi.c
+--- a/snmplib/scapi.c	2018-11-27 15:04:59.931217024 +0100
+++ b/snmplib/scapi.c	2018-11-27 15:14:37.587393891 +0100
+@@ -967,7 +967,8 @@ sc_hash_type(int auth_type, const u_char
+ #endif
+     if (!EVP_DigestInit(cptr, hashfn)) {
+         /* requested hash function is not available */
+-        return SNMPERR_SC_NOT_CONFIGURED;
+        rval = SNMPERR_SC_NOT_CONFIGURED;
+        goto sc_hash_type_quit;
+     }
+ 
+ /** pass the data */
+@@ -976,6 +977,8 @@ sc_hash_type(int auth_type, const u_char
+ /** do the final pass */
+     EVP_DigestFinal(cptr, MAC, &tmp_len);
+     *MAC_len = tmp_len;
+
+sc_hash_type_quit:
+ #if defined(HAVE_EVP_MD_CTX_FREE)
+     EVP_MD_CTX_free(cptr);
+ #elif defined(HAVE_EVP_MD_CTX_DESTROY)
--- a/net-snmp.spec
+++ b/net-snmp.spec
@ -10,7 +10,7 @@
 Summary:    A collection of SNMP protocol tools and libraries
 Name:       net-snmp
 Version:    5.8
-Release:    2%{?dist}
+Release:    3%{?dist}
 Epoch:      1

 License:    BSD
@ -39,6 +39,7 @@ Patch9:     net-snmp-5.8-Remove-U64-typedef.patch
 Patch10:    net-snmp-5.8-libnetsnmptrapd-against-MYSQL_LIBS.patch
 Patch11:    net-snmp-5.7.3-iterator-fix.patch
 Patch12:    net-snmp-5.8-autofs-skip.patch
+Patch13:    net-snmp-5.8-key-leak-backport.patch

 # Modern RPM API means at least EL6
 Patch101:   net-snmp-5.8-modern-rpm-api.patch
@ -205,6 +206,7 @@ cp %{SOURCE10} .
 %patch10 -p1 -b .perlfix
 %patch11 -p1 -b .iterator-fix
 %patch12 -p1 -b .autofs-skip
+%patch13 -p1 -b .leak-backport

 %patch101 -p1 -b .modern-rpm-api
 %patch102 -p1
@ -475,6 +477,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %{_libdir}/libnetsnmptrapd*.so.%{soname}*

 %changelog
+* Tue Nov 27 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-3
+- backport memory leak fixes from upstream
+
 * Mon Jul 23 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-2
 - fix unresoved error with mysql functions
 - implement changes to announce soname changes