- backported patch, abort when cleaning up fails

- backported patch, improve support for memory leak detection
- backported patch, don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
- backported patch, CVE-2019-13636, don't follow symlinks unless --follow-symlinks is given
- backported patch, avoid invalid memory accessin context format diffs
- backported patch, fix failed assertion
This commit is contained in:
Than Ngo 2019-07-24 15:05:07 +02:00
parent a061c1d58d
commit 9dc0ea4960
8 changed files with 351 additions and 75 deletions

View File

@ -0,0 +1,102 @@
commit dce4683cbbe107a95f1f0d45fabc304acfb5d71a
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Mon Jul 15 16:21:48 2019 +0200
Don't follow symlinks unless --follow-symlinks is given
* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file,
append_to_file): Unless the --follow-symlinks option is given, open files with
the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing
that consistently for input files.
* src/util.c (create_backup): When creating empty backup files, (re)create them
with O_CREAT | O_EXCL to avoid following symlinks in that case as well.
diff --git a/src/inp.c b/src/inp.c
index 32d0919..22d7473 100644
--- a/src/inp.c
+++ b/src/inp.c
@@ -238,8 +238,13 @@ plan_a (char const *filename)
{
if (S_ISREG (instat.st_mode))
{
- int ifd = safe_open (filename, O_RDONLY|binary_transput, 0);
+ int flags = O_RDONLY | binary_transput;
size_t buffered = 0, n;
+ int ifd;
+
+ if (! follow_symlinks)
+ flags |= O_NOFOLLOW;
+ ifd = safe_open (filename, flags, 0);
if (ifd < 0)
pfatal ("can't open file %s", quotearg (filename));
@@ -340,6 +345,7 @@ plan_a (char const *filename)
static void
plan_b (char const *filename)
{
+ int flags = O_RDONLY | binary_transput;
int ifd;
FILE *ifp;
int c;
@@ -353,7 +359,9 @@ plan_b (char const *filename)
if (instat.st_size == 0)
filename = NULL_DEVICE;
- if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0
+ if (! follow_symlinks)
+ flags |= O_NOFOLLOW;
+ if ((ifd = safe_open (filename, flags, 0)) < 0
|| ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r")))
pfatal ("Can't open file %s", quotearg (filename));
if (TMPINNAME_needs_removal)
diff --git a/src/util.c b/src/util.c
index 1cc08ba..fb38307 100644
--- a/src/util.c
+++ b/src/util.c
@@ -388,7 +388,7 @@ create_backup (char const *to, const struct stat *to_st, bool leave_original)
try_makedirs_errno = ENOENT;
safe_unlink (bakname);
- while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0)
+ while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0)
{
if (errno != try_makedirs_errno)
pfatal ("Can't create file %s", quotearg (bakname));
@@ -579,10 +579,13 @@ create_file (char const *file, int open_flags, mode_t mode,
static void
copy_to_fd (const char *from, int tofd)
{
+ int from_flags = O_RDONLY | O_BINARY;
int fromfd;
ssize_t i;
- if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0)
+ if (! follow_symlinks)
+ from_flags |= O_NOFOLLOW;
+ if ((fromfd = safe_open (from, from_flags, 0)) < 0)
pfatal ("Can't reopen file %s", quotearg (from));
while ((i = read (fromfd, buf, bufsize)) != 0)
{
@@ -625,6 +628,8 @@ copy_file (char const *from, char const *to, struct stat *tost,
else
{
assert (S_ISREG (mode));
+ if (! follow_symlinks)
+ to_flags |= O_NOFOLLOW;
tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode,
to_dir_known_to_exist);
copy_to_fd (from, tofd);
@@ -640,9 +645,12 @@ copy_file (char const *from, char const *to, struct stat *tost,
void
append_to_file (char const *from, char const *to)
{
+ int to_flags = O_WRONLY | O_APPEND | O_BINARY;
int tofd;
- if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0)
+ if (! follow_symlinks)
+ to_flags |= O_NOFOLLOW;
+ if ((tofd = safe_open (to, to_flags, 0)) < 0)
pfatal ("Can't reopen file %s", quotearg (to));
copy_to_fd (from, tofd);
if (close (tofd) != 0)

View File

@ -0,0 +1,46 @@
commit b7b028a77bd855f6f56b17c8837fc1cca77b469d
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Jun 28 00:30:25 2019 +0200
Abort when cleaning up fails
When a fatal error triggers during cleanup, another attempt will be made to
clean up, which will likely lead to the same fatal error. So instead, bail out
when that happens.
src/patch.c (cleanup): Bail out when called recursively.
(main): There is no need to call output_files() before cleanup() as cleanup()
already does that.
diff --git a/src/patch.c b/src/patch.c
index 4616a48..02fd982 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -685,7 +685,6 @@ main (int argc, char **argv)
}
if (outstate.ofp && (ferror (outstate.ofp) || fclose (outstate.ofp) != 0))
write_fatal ();
- output_files (NULL);
cleanup ();
delete_files ();
if (somefailed)
@@ -1991,7 +1990,6 @@ void
fatal_exit (int sig)
{
cleanup ();
-
if (sig)
exit_with_signal (sig);
@@ -2011,6 +2009,12 @@ remove_if_needed (char const *name, bool *needs_removal)
static void
cleanup (void)
{
+ static bool already_cleaning_up;
+
+ if (already_cleaning_up)
+ return;
+ already_cleaning_up = true;
+
remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal);
remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal);

View File

@ -0,0 +1,21 @@
commit 15b158db3ae11cb835f2eb8d2eb48e09d1a4af48
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Mon Jul 15 19:10:02 2019 +0200
Avoid invalid memory access in context format diffs
* src/pch.c (another_hunk): Avoid invalid memory access in context format
diffs.
diff --git a/src/pch.c b/src/pch.c
index a500ad9..cb54e03 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -1328,6 +1328,7 @@ another_hunk (enum diff difftype, bool rev)
ptrn_prefix_context = context;
ptrn_suffix_context = context;
if (repl_beginning
+ || p_end <= 0
|| (p_end
!= p_ptrn_lines + 1 + (p_Char[p_end - 1] == '\n')))
{

View File

@ -0,0 +1,84 @@
commit 61d7788b83b302207a67b82786f4fd79e3538f30
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Thu Jun 27 11:10:43 2019 +0200
Don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
* src/safe.c (min_cached_fds): Define minimum number of cached dir file
descriptors.
(max_cached_fds): Change type to rlim_t to allow storing RLIM_INFINITY.
(init_dirfd_cache): Set max_cached_fds to RLIM_INFINITY when RLIMIT_NOFILE is
RLIM_INFINITY. Set the initial hash table size to min_cached_fds, independent
of RLIMIT_NOFILE: patches commonly only affect one or a few files, so a small
hash table will usually suffice; if needed, the hash table will grow.
(insert_cached_dirfd): Don't shrink the cache when max_cached_fds is
RLIM_INFINITY.
diff --git a/src/safe.c b/src/safe.c
index 5a7202f..f147b0e 100644
--- a/src/safe.c
+++ b/src/safe.c
@@ -67,7 +67,8 @@ struct cached_dirfd {
};
static Hash_table *cached_dirfds = NULL;
-static size_t max_cached_fds;
+static rlim_t min_cached_fds = 8;
+static rlim_t max_cached_fds;
LIST_HEAD (lru_list);
static size_t hash_cached_dirfd (const void *entry, size_t table_size)
@@ -98,11 +99,17 @@ static void init_dirfd_cache (void)
{
struct rlimit nofile;
- max_cached_fds = 8;
if (getrlimit (RLIMIT_NOFILE, &nofile) == 0)
- max_cached_fds = MAX (nofile.rlim_cur / 4, max_cached_fds);
+ {
+ if (nofile.rlim_cur == RLIM_INFINITY)
+ max_cached_fds = RLIM_INFINITY;
+ else
+ max_cached_fds = MAX (nofile.rlim_cur / 4, min_cached_fds);
+ }
+ else
+ max_cached_fds = min_cached_fds;
- cached_dirfds = hash_initialize (max_cached_fds,
+ cached_dirfds = hash_initialize (min_cached_fds,
NULL,
hash_cached_dirfd,
compare_cached_dirfds,
@@ -148,20 +155,23 @@ static void insert_cached_dirfd (struct cached_dirfd *entry, int keepfd)
if (cached_dirfds == NULL)
init_dirfd_cache ();
- /* Trim off the least recently used entries */
- while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
+ if (max_cached_fds != RLIM_INFINITY)
{
- struct cached_dirfd *last =
- list_entry (lru_list.prev, struct cached_dirfd, lru_link);
- if (&last->lru_link == &lru_list)
- break;
- if (last->fd == keepfd)
+ /* Trim off the least recently used entries */
+ while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
{
- last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
+ struct cached_dirfd *last =
+ list_entry (lru_list.prev, struct cached_dirfd, lru_link);
if (&last->lru_link == &lru_list)
break;
+ if (last->fd == keepfd)
+ {
+ last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
+ if (&last->lru_link == &lru_list)
+ break;
+ }
+ remove_cached_dirfd (last);
}
- remove_cached_dirfd (last);
}
/* Only insert if the parent still exists. */

View File

@ -0,0 +1,29 @@
commit 76e775847f4954b63dc72afe34d9d921c6688b31
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Tue Jul 16 01:16:28 2019 +0200
Fix failed assertion 'outstate->after_newline'
The assertion triggers when the -o FILE option is used, more than one output
file is written into FILE, and one of those files (except the last one) ends in
the middle of a line.
* src/patch.c (main): Fix the case described above.
diff --git a/src/patch.c b/src/patch.c
index 02fd982..3794319 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -369,6 +369,13 @@ main (int argc, char **argv)
/* outstate.ofp now owns the file descriptor */
outfd = -1;
}
+ else
+ {
+ /* When writing to a single output file (-o FILE), always pretend
+ that the output file ends in a newline. Otherwise, when another
+ file is written to the same output file, apply_hunk will fail. */
+ outstate.after_newline = true;
+ }
/* find out where all the lines are */
if (!skip_rest_of_patch) {

View File

@ -1,70 +0,0 @@
diff -up patch-2.7.6/src/patch.c.git-style patch-2.7.6/src/patch.c
--- patch-2.7.6/src/patch.c.git-style 2018-02-03 13:41:49.000000000 +0100
+++ patch-2.7.6/src/patch.c 2018-10-11 15:01:08.709406802 +0200
@@ -1938,8 +1938,12 @@ output_files (struct stat const *st)
{
gl_list_iterator_t iter;
const void *elt;
+ gl_list_t files;
- iter = gl_list_iterator (files_to_output);
+ files = files_to_output;
+ init_files_to_output ();
+
+ iter = gl_list_iterator (files);
while (gl_list_iterator_next (&iter, &elt, NULL))
{
const struct file_to_output *file_to_output = elt;
@@ -1957,8 +1961,8 @@ output_files (struct stat const *st)
/* Free the list up to here. */
for (;;)
{
- const void *elt2 = gl_list_get_at (files_to_output, 0);
- gl_list_remove_at (files_to_output, 0);
+ const void *elt2 = gl_list_get_at (files, 0);
+ gl_list_remove_at (files, 0);
if (elt == elt2)
break;
}
@@ -1967,7 +1971,7 @@ output_files (struct stat const *st)
}
}
gl_list_iterator_free (&iter);
- gl_list_clear (files_to_output);
+ gl_list_clear (files);
}
/* Fatal exit with cleanup. */
diff -up patch-2.7.6/tests/git-error.git-style patch-2.7.6/tests/git-error
--- patch-2.7.6/tests/git-error.git-style 2018-10-11 15:00:09.349200685 +0200
+++ patch-2.7.6/tests/git-error 2018-10-11 15:00:09.349200685 +0200
@@ -0,0 +1,29 @@
+# Copyright (C) 2018 Free Software Foundation, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# in any medium, are permitted without royalty provided the copyright
+# notice and this notice are preserved.
+
+. $srcdir/test-lib.sh
+
+require cat
+use_local_patch
+use_tmpdir
+
+cat > f.diff <<EOF
+diff --git a/boo b/boo
+--- /dev/fd/63 2018-02-27 16:32:54.861266246 +0100
++++ /dev/fd/62 2018-02-27 16:32:54.861266246 +0100
+@@ -1 +1 @@
+-abc
++def
+
+EOF
+
+check 'patch .nonexistent < f.diff || echo "Status: $?"' <<EOF
+patching file .nonexistent
+Hunk #1 FAILED at 1.
+1 out of 1 hunk FAILED -- saving rejects to file .nonexistent.rej
+$PATCH: **** Can't reopen file .nonexistent : No such file or directory
+Status: 2
+EOF

View File

@ -0,0 +1,48 @@
commit 2b584aec9e5f2806b1eccadcabe7e901fcfa0b0a
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Thu Jun 27 11:02:02 2019 +0200
Improve support for memory leak detection
When building with the address sanitizer on, free some more resources before
exiting. (This is unnecessary when not looking for memory leaks.)
* src/patch.c (init_files_to_delete): Add dispose function for freeing
filenames.
diff --git a/src/patch.c b/src/patch.c
index 81c7a02..4616a48 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -36,6 +36,10 @@
#include <minmax.h>
#include <safe.h>
+#ifdef __SANITIZE_ADDRESS__
+# define FREE_BEFORE_EXIT
+#endif
+
/* procedures */
static FILE *create_output_file (char const *, int);
@@ -1777,10 +1781,20 @@ struct file_to_delete {
static gl_list_t files_to_delete;
+#ifdef FREE_BEFORE_EXIT
+void dispose_file_to_delete (const void *elt)
+{
+ free ((void *) elt);
+}
+#else
+#define dispose_file_to_delete NULL
+#endif
+
static void
init_files_to_delete (void)
{
- files_to_delete = gl_list_create_empty (GL_LINKED_LIST, NULL, NULL, NULL, true);
+ files_to_delete = gl_list_create_empty (GL_LINKED_LIST, NULL, NULL,
+ dispose_file_to_delete, true);
}
static void

View File

@ -3,14 +3,19 @@
Summary: Utility for modifying/upgrading files Summary: Utility for modifying/upgrading files
Name: patch Name: patch
Version: 2.7.6 Version: 2.7.6
Release: 9%{?dist} Release: 10%{?dist}
License: GPLv3+ License: GPLv3+
URL: http://www.gnu.org/software/patch/patch.html URL: http://www.gnu.org/software/patch/patch.html
Source: ftp://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz Source: ftp://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
Patch1: patch-CVE-2018-1000156.patch Patch1: patch-CVE-2018-1000156.patch
Patch2: patch-2.7.6-CVE-2018-6952.patch Patch2: patch-2.7.6-CVE-2018-6952.patch
Patch3: patch-2.7.6-git-style.patch Patch3: patch-2.7.6-abort_when_cleaning_up_fails.patch
Patch4: patch-2.7.6-CVE-2018-17942.patch Patch4: patch-2.7.6-CVE-2018-17942.patch
Patch5: patch-2.7.6-improve_support_for_memory_leak_detection.patch
Patch6: patch-2.7.6-crash-RLIMIT_NOFILE.patch
Patch7: patch-2.7.6-CVE-2019-13636-symlinks.patch
Patch8: patch-2.7.6-avoid_invalid_memory_access.patch
Patch9: patch-2.7.6-failed_assertion.patch
Patch100: patch-selinux.patch Patch100: patch-selinux.patch
BuildRequires: gcc BuildRequires: gcc
@ -37,11 +42,14 @@ applications.
%patch1 -p1 -b .CVE-2018-1000156 %patch1 -p1 -b .CVE-2018-1000156
# CVE-2018-6952, Double free of memory # CVE-2018-6952, Double free of memory
%patch2 -p1 -b .CVE-2018-6952 %patch2 -p1 -b .CVE-2018-6952
# Fix error handling with git-style patches %patch3 -p1 -b .abort_when_cleaning_up_fails
# http://lists.gnu.org/archive/html/bug-patch/2018-10/msg00000.html
%patch3 -p1 -b .git-style
# CVE-2018-17942 gnulib: heap-based buffer overflow # CVE-2018-17942 gnulib: heap-based buffer overflow
%patch4 -p1 -b .gnulib_buffer_overflow %patch4 -p1 -b .gnulib_buffer_overflow
%patch5 -p1 -b .improve_support_for_memory_leak_detection
%patch6 -p1 -b .crash-RLIMIT_NOFILE
%patch7 -p1 -b .CVE-2019-13636-symlinks
%patch8 -p1 -b .avoid_invalid_memory_access
%patch9 -p1 -b .failed_assertion
# SELinux support. # SELinux support.
%patch100 -p1 -b .selinux %patch100 -p1 -b .selinux
@ -67,6 +75,14 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Wed Jul 24 2019 Than Ngo <than@redhat.com> - 2.7.6-10
- backported patch, abort when cleaning up fails
- backported patch, improve support for memory leak detection
- backported patch, don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
- backported patch, CVE-2019-13636, don't follow symlinks unless --follow-symlinks is given
- backported patch, avoid invalid memory accessin context format diffs
- backported patch, fix failed assertion
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-9 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild