diff --git a/SOURCES/rpcbind-1.2.5-covscan-resource-leaks.patch b/SOURCES/rpcbind-1.2.5-covscan-resource-leaks.patch
new file mode 100644
index 0000000..60d5248
--- /dev/null
+++ b/SOURCES/rpcbind-1.2.5-covscan-resource-leaks.patch
@@ -0,0 +1,83 @@
+diff -up rpcbind-1.2.5/src/rpcbind.c.orig rpcbind-1.2.5/src/rpcbind.c
+--- rpcbind-1.2.5/src/rpcbind.c.orig 2018-08-15 10:51:19.000000000 -0400
++++ rpcbind-1.2.5/src/rpcbind.c 2019-11-11 10:53:56.753677937 -0500
+@@ -340,7 +340,7 @@ init_transport(struct netconfig *nconf)
+ {
+ int fd = -1;
+ struct t_bind taddr;
+- struct addrinfo hints, *res;
++ struct addrinfo hints, *res = NULL;
+ struct __rpc_sockinfo si;
+ SVCXPRT *my_xprt = NULL;
+ int status; /* bound checking ? */
+@@ -817,8 +817,12 @@ got_socket:
+ }
+ #endif
+
++ if (res != NULL)
++ freeaddrinfo(res);
+ return (0);
+ error:
++ if (res != NULL)
++ freeaddrinfo(res);
+ close(fd);
+ return (1);
+ }
+diff -up rpcbind-1.2.5/src/rpcb_stat.c.orig rpcbind-1.2.5/src/rpcb_stat.c
+--- rpcbind-1.2.5/src/rpcb_stat.c.orig 2018-08-15 10:51:19.000000000 -0400
++++ rpcbind-1.2.5/src/rpcb_stat.c 2019-11-11 10:53:56.754677944 -0500
+@@ -151,7 +151,7 @@ rpcbs_rmtcall(rpcvers_t rtype, rpcproc_t
+ rpcbs_rmtcalllist *rl;
+ struct netconfig *nconf;
+
+- if (rtype > RPCBVERS_STAT)
++ if (rtype >= RPCBVERS_STAT)
+ return;
+ for (rl = inf[rtype].rmtinfo; rl; rl = rl->next) {
+
+diff -up rpcbind-1.2.5/src/rpcinfo.c.orig rpcbind-1.2.5/src/rpcinfo.c
+--- rpcbind-1.2.5/src/rpcinfo.c.orig 2019-11-11 10:52:54.212281436 -0500
++++ rpcbind-1.2.5/src/rpcinfo.c 2019-11-11 10:53:56.755677950 -0500
+@@ -693,11 +693,11 @@ reply_proc (res, who, nconf)
+ }
+ if (!(uaddr = taddr2uaddr (nconf, who)))
+ {
+- uaddr = UNKNOWN;
++ printf ("%s\t%s\n", UNKNOWN, hostname);
++ } else {
++ printf ("%s\t%s\n", uaddr, hostname);
++ free ((char *) uaddr);
+ }
+- printf ("%s\t%s\n", uaddr, hostname);
+- if (strcmp (uaddr, UNKNOWN))
+- free ((char *) uaddr);
+ return (FALSE);
+ }
+
+diff -up rpcbind-1.2.5/src/util.c.orig rpcbind-1.2.5/src/util.c
+--- rpcbind-1.2.5/src/util.c.orig 2018-08-15 10:51:19.000000000 -0400
++++ rpcbind-1.2.5/src/util.c 2019-11-11 10:53:56.756677956 -0500
+@@ -322,9 +322,10 @@ network_init()
+ /*
+ * Now join the RPC
ipv6 multicast group on all interfaces.
+ */
+- if (getifaddrs(&ifp) < 0)
++ if (getifaddrs(&ifp) < 0) {
++ freeaddrinfo (res);
+ return;
+-
++ }
+ mreq6.ipv6mr_interface = 0;
+ inet_pton(AF_INET6, RPCB_MULTICAST_ADDR, &mreq6.ipv6mr_multiaddr);
+
+@@ -352,8 +353,8 @@ network_init()
+ perror("setsockopt v6 multicast");
+ }
+ #endif
+-
+- /* close(s); */
++ freeaddrinfo (res);
++ close(s);
+ }
+
+ struct sockaddr *
diff --git a/SPECS/rpcbind.spec b/SPECS/rpcbind.spec
index a0a633e..b9b45cd 100644
--- a/SPECS/rpcbind.spec
+++ b/SPECS/rpcbind.spec
@@ -4,7 +4,7 @@ Name: rpcbind Version: 1.2.5 -Release: 3%{?dist} +Release: 5%{?dist} Summary: Universal Addresses to RPC Program Number Mapper Group: System Environment/Daemons License: BSD
@@ -27,6 +27,11 @@ Requires(postun): systemd coreutils # Patch001: rpcbind-1.2.5-rpcinfo-bufoverflow.patch +# +# RHEL 8.2 +# +Patch002: rpcbind-1.2.5-covscan-resource-leaks.patch + Patch100: rpcbind-0.2.3-systemd-envfile.patch Patch101: rpcbind-0.2.3-systemd-tmpfiles.patch Patch102: rpcbind-0.2.4-runstatdir.patch
@@ -47,6 +52,9 @@ RPC calls on a server on that machine. # 1637565 - rpcinfo: Fix stack buffer overflow %patch001 -p1 +# 1602680 - Please review important issues found by covscan... +%patch002 -p1 + %patch100 -p1 %patch101 -p1 %patch102 -p1
@@ -141,6 +149,12 @@ fi %attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir} %changelog +* Mon Nov 11 2019 Steve Dickson - 1.2.5-5 +- Removed some issues found by covscan (bz 1602680) + +* Fri Jul 26 2019 Steve Dickson - 1.2.5-4 +- Enable gating using reverse dependency testing of nfs-utils (bz 1681967 + * Sat Oct 20 2018 Steve Dickson - 1.2.5-3 - Update the URL (bz 1638664)
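Review bot: In the util.c hunks for network_init(), the added `freeaddrinfo (res);` and `close(s);` run unconditionally and sit after the `#endif`, whereas the rpcbind.c hunk initialises `res = NULL` and guards each free with `if (res != NULL)`. The declarations of `res` and `s` and the earlier getaddrinfo()/socket() calls are outside the hunk, so it cannot be seen here whether `res` may be indeterminate or already released at that point, or whether `s` exists when the conditional block is compiled out; if either holds, the change trades a leak for an invalid free or a build failure. I would move both calls above the `#endif` and write them as `if (res != NULL) freeaddrinfo(res);` and `if (s >= 0) close(s);`, with `res = NULL` and `s = -1` at their declarations. The same caveat applies to init_transport() in rpcbind.c: the NULL guard only protects the two exits if every earlier `freeaddrinfo(res)` in the lines between the hunks also resets `res` to NULL, which should be confirmed so the new frees cannot become a double free.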