[file] fix potential memory leak introduced in previous commit
Jan Kaluža
jkaluza at fedoraproject.org
Tue Feb 25 11:49:12 UTC 2014
commit bae10229bdbe573a48064be8a959b938070cb927
Author: Jan Kaluza <jkaluza at redhat.com>
Date: Tue Feb 25 12:50:01 2014 +0100
fix potential memory leak introduced in previous commit
file-5.14-CVE-2014-1943.patch | 22 +++++++++++++++++++++-
file.spec | 5 ++++-
2 files changed, 25 insertions(+), 2 deletions(-)
---
diff --git a/file-5.14-CVE-2014-1943.patch b/file-5.14-CVE-2014-1943.patch
index 9e0cc06..5885118 100644
--- a/file-5.14-CVE-2014-1943.patch
+++ b/file-5.14-CVE-2014-1943.patch
@@ -38,7 +38,7 @@ index 4641c8b..e902c15 100644
if ((ms->flags & MAGIC_DEBUG) != 0)
(void)fprintf(stderr, "softmagic %d\n", m);
diff --git a/src/softmagic.c b/src/softmagic.c
-index 108d419..ee4b831 100644
+index 108d419..d543f87 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -41,6 +41,7 @@ FILE_RCSID("@(#)$File: softmagic.c,v 1.165 2013/03/07 02:22:24 christos Exp $")
@@ -86,3 +86,23 @@ index 108d419..ee4b831 100644
if ((ms->flags & MAGIC_DEBUG) != 0)
fprintf(stderr, "indirect @offs=%u[%d]\n", offset, rv);
rbuf = ms->o.buf;
+@@ -1722,12 +1725,16 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
+ ms->offset = soffset;
+ if (rv == 1) {
+ if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 &&
+- file_printf(ms, m->desc, offset) == -1)
++ file_printf(ms, m->desc, offset) == -1) {
++ free(rbuf);
+ return -1;
+- if (file_printf(ms, "%s", rbuf) == -1)
++ }
++ if (file_printf(ms, "%s", rbuf) == -1) {
++ free(rbuf);
+ return -1;
+- free(rbuf);
++ }
+ }
++ free(rbuf);
+ return rv;
+
+ case FILE_USE:
diff --git a/file.spec b/file.spec
index 53e62ca..879a734 100644
--- a/file.spec
+++ b/file.spec
@@ -4,7 +4,7 @@
Summary: A utility for determining file types
Name: file
Version: 5.14
-Release: 15%{?dist}
+Release: 16%{?dist}
License: BSD
Group: Applications/File
Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@@ -196,6 +196,9 @@ cd %{py3dir}
%endif
%changelog
+* Tue Feb 25 2014 Jan Kaluza <jkaluza at redhat.com> - 5.14-16
+- fix potential memory leak introduced in previous commit
+
* Tue Feb 18 2014 Jan Kaluza <jkaluza at redhat.com> - 5.14-15
- fix #1065837 - fix for CVE-2014-1943
More information about the scm-commits
mailing list