From 87e7a0a93328f264e7cc48ba894309f01ab65397 Mon Sep 17 00:00:00 2001
From: Michal Sekletar
Date: Fri, 30 Aug 2024 17:35:30 +0200
Subject: [PATCH] Fix SAST issues (RHEL-39394)

Resolves: RHEL-39394
---
...id-writing-uninitialized-header-data.patch | 46 +++++++++++++++
0002-Don-t-leak-file-descriptor.patch | 56 +++++++++++++++++++
...licitely-to-prevent-undefined-behavi.patch | 24 ++++++++
plocate.spec | 4 ++
4 files changed, 130 insertions(+)
create mode 100644 0001-Avoid-writing-uninitialized-header-data.patch
create mode 100644 0002-Don-t-leak-file-descriptor.patch
create mode 100644 0003-Reset-string-explicitely-to-prevent-undefined-behavi.patch

diff --git a/0001-Avoid-writing-uninitialized-header-data.patch b/0001-Avoid-writing-uninitialized-header-data.patch
new file mode 100644
index 0000000..d16c3c3
--- /dev/null
+++ b/0001-Avoid-writing-uninitialized-header-data.patch
@@ -0,0 +1,46 @@
+From de286d090353e92b479c49590aa9c9e99b3defa1 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar
+Date: Wed, 28 Aug 2024 09:47:39 +0200
+Subject: [PATCH] Avoid writing uninitialized header data
+
+---
+ database-builder.cpp | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/database-builder.cpp b/database-builder.cpp
+index f9dfb71..0655681 100644
+--- a/database-builder.cpp
++++ b/database-builder.cpp
+@@ -531,7 +531,15 @@ DatabaseBuilder::DatabaseBuilder(const char *outfile, gid_t owner, int block_siz
+ hdr.max_version = 2;
+ hdr.filename_index_offset_bytes = -1;
+ hdr.zstd_dictionary_length_bytes = -1;
++ hdr.zstd_dictionary_offset_bytes = -1; // Dictionary offset is not known yet.
+ hdr.check_visibility = check_visibility;
++ hdr.directory_data_length_bytes = 0;
++ hdr.directory_data_offset_bytes = 0;
++ hdr.next_zstd_dictionary_length_bytes = 0;
++ hdr.next_zstd_dictionary_offset_bytes = 0;
++ hdr.conf_block_length_bytes = 0;
++ hdr.conf_block_offset_bytes = 0;
++
+ fwrite(&hdr, sizeof(hdr), 1, outfp);
+
+ if (dictionary.empty()) {
+@@ -543,13 +551,6 @@ DatabaseBuilder::DatabaseBuilder(const char *outfile, gid_t owner, int block_siz
+ hdr.zstd_dictionary_length_bytes = dictionary.size();
+ cdict = ZSTD_createCDict(dictionary.data(), dictionary.size(), /*level=*/6);
+ }
+-
+- hdr.directory_data_length_bytes = 0;
+- hdr.directory_data_offset_bytes = 0;
+- hdr.next_zstd_dictionary_length_bytes = 0;
+- hdr.next_zstd_dictionary_offset_bytes = 0;
+- hdr.conf_block_length_bytes = 0;
+- hdr.conf_block_offset_bytes = 0;
+ }
+
+ DatabaseReceiver *DatabaseBuilder::start_corpus(bool store_dir_times)
+--
+2.45.2
+
diff --git a/0002-Don-t-leak-file-descriptor.patch b/0002-Don-t-leak-file-descriptor.patch
new file mode 100644
index 0000000..71f3d7d
--- /dev/null
+++ b/0002-Don-t-leak-file-descriptor.patch
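Review bot: The field-by-field assignments ahead of `fwrite(&hdr, sizeof(hdr), 1, outfp)` in database-builder.cpp still leave any padding bytes in `hdr`, and any member not assigned in the visible lines, indeterminate, so the first header write can still copy stale process memory into the database file. Zeroing the whole object once before the assignments, `memset(&hdr, 0, sizeof(hdr));`, covers padding and any field added to the struct later. The constructor starts outside the hunk, so confirm this is not already done above. The result of that `fwrite` is also unchecked, so a failed or short header write goes unnoticed at this point.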
@@ -0,0 +1,56 @@
+From 80d6f4a60cddfbf9235c6f5132ee6fde99cf5c81 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar
+Date: Wed, 28 Aug 2024 15:36:24 +0200
+Subject: [PATCH] Don't leak file descriptor
+
+---
+ plocate.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/plocate.cpp b/plocate.cpp
+index 519024e..234b703 100644
+--- a/plocate.cpp
++++ b/plocate.cpp
+@@ -489,6 +489,7 @@ uint64_t do_search_file(const vector &needles, const std::string &filena
+ start = steady_clock::now();
+ if (access("/", R_OK | X_OK)) {
+ // We can't find anything, no need to bother...
++ close(fd);
+ return 0;
+ }
+
+@@ -534,6 +535,7 @@ uint64_t do_search_file(const vector &needles, const std::string &filena
+ uint64_t matched = scan_all_docids(needles, fd, corpus);
+ dprintf("Done in %.1f ms, found %" PRId64 " matches.\n",
+ 1e3 * duration(steady_clock::now() - start).count(), matched);
++ close(fd);
+ return matched;
+ }
+
+@@ -592,6 +594,7 @@ uint64_t do_search_file(const vector &needles, const std::string &filena
+ dprintf("Hashtable lookups done after %.1f ms.\n", 1e3 * duration(steady_clock::now() - start).count());
+
+ if (should_early_exit) {
++ close(fd);
+ return 0;
+ }
+
+@@ -677,6 +680,7 @@ uint64_t do_search_file(const vector &needles, const std::string &filena
+ }
+ engine.finish();
+ if (done) {
++ close(fd);
+ return 0;
+ }
+ dprintf("Intersection done after %.1f ms. Doing final verification and printing:\n",
+@@ -685,6 +689,7 @@ uint64_t do_search_file(const vector &needles, const std::string &filena
+ uint64_t matched = scan_docids(needles, cur_candidates, corpus, &engine);
+ dprintf("Done in %.1f ms, found %" PRId64 " matches.\n",
+ 1e3 * duration(steady_clock::now() - start).count(), matched);
++ close(fd);
+ return matched;
+ }
+
+--
+2.45.2
+
diff --git a/0003-Reset-string-explicitely-to-prevent-undefined-behavi.patch b/0003-Reset-string-explicitely-to-prevent-undefined-behavi.patch
new file mode 100644
index 0000000..550df0c
--- /dev/null
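Review bot: The `close(fd)` calls added before the four returns that come after `corpus` is in use (`scan_all_docids(needles, fd, corpus)`, the `should_early_exit` and `done` branches, and `scan_docids(...)`) are only correct if `Corpus` does not close the descriptor itself. Its definition is outside these hunks; if its destructor closes `fd`, each of those paths now closes it twice, and the second close can land on a descriptor number that has since been reused. Confirm ownership first: if `Corpus` owns `fd`, only the `close(fd)` in the `access("/", R_OK | X_OK)` branch is needed. If it does not, a single scope guard declared where the descriptor is opened would replace all five calls and also cover return paths of `do_search_file` that these hunks do not show.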
+++ b/0003-Reset-string-explicitely-to-prevent-undefined-behavi.patch
@@ -0,0 +1,24 @@
+From 889638fceaca2b668ea3056c47947b96413b2670 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar
+Date: Wed, 28 Aug 2024 16:01:26 +0200
+Subject: [PATCH] Reset string explicitely to prevent undefined behavior
+
+---
+ plocate.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plocate.cpp b/plocate.cpp
+index 234b703..36f087e 100644
+--- a/plocate.cpp
++++ b/plocate.cpp
+@@ -799,6 +799,7 @@ void parse_dbpaths(const char *ptr, vector *output)
+ if (*ptr == ':') {
+ // Separator.
+ output->push_back(move(str));
++ str.clear();
+ ++ptr;
+ continue;
+ }
+--
+2.45.2
+
diff --git a/plocate.spec b/plocate.spec
index 8978909..a98ed9b 100644
--- a/plocate.spec
+++ b/plocate.spec
@@ -13,6 +13,10 @@ URL: https://plocate.sesse.net/ Source0: https://plocate.sesse.net/download/plocate-%{version}.tar.gz Source1: plocate.sysusers +Patch1: 0001-Avoid-writing-uninitialized-header-data.patch +Patch2: 0002-Don-t-leak-file-descriptor.patch +Patch3: 0003-Reset-string-explicitely-to-prevent-undefined-behavi.patch + BuildRequires: meson BuildRequires: gcc-c++ BuildRequires: systemd-rpm-macros
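Review bot: The new `str.clear();` after `output->push_back(move(str));` in `parse_dbpaths` carries no comment explaining why it is needed, and the patch subject overstates the problem. Assuming `str` is a `std::string` (its declaration is outside the hunk), a moved-from string is valid but unspecified rather than undefined, so the practical risk is leftover characters ending up in the next database path. I would add `// moved-from string is valid but unspecified; reset before reuse` above the new line. The rest of the function, including any other place where `str` is moved from, is outside the hunk.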
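Review bot: `Patch1` to `Patch3` are only declared in this hunk and nothing visible applies them. `%prep` is outside the hunk and the diffstat lists just these four added lines for plocate.spec, so confirm that it uses `%autosetup -p1` or has matching `%patch` lines. Otherwise the three fixes are carried in the source package but never compiled into the shipped binary.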