[patch/f20] Fixed memory leak in selinux patch.

Tim Waugh twaugh at fedoraproject.org
Mon Mar 9 09:57:39 UTC 2015


commit e3adcf8512eb552aed3fe5e518409cd353ea104c
Author: Tim Waugh <twaugh at redhat.com>
Date:   Mon Mar 9 09:36:46 2015 +0000

    Fixed memory leak in selinux patch.

 patch-selinux.patch | 54 ++++++++++++++++++++++++++++-------------------------
 patch.spec          |  3 ++-
 2 files changed, 31 insertions(+), 26 deletions(-)
---
diff --git a/patch-selinux.patch b/patch-selinux.patch
index 715d762..da7a97b 100644
--- a/patch-selinux.patch
+++ b/patch-selinux.patch
@@ -1,6 +1,6 @@
 diff -up patch-2.7.5/src/common.h.selinux patch-2.7.5/src/common.h
 --- patch-2.7.5/src/common.h.selinux	2015-02-28 16:02:30.000000000 +0000
-+++ patch-2.7.5/src/common.h	2015-03-08 16:01:17.738326810 +0000
++++ patch-2.7.5/src/common.h	2015-03-09 09:29:46.083415914 +0000
 @@ -30,6 +30,8 @@
  #include <sys/types.h>
  #include <time.h>
@@ -20,7 +20,7 @@ diff -up patch-2.7.5/src/common.h.selinux patch-2.7.5/src/common.h
  
 diff -up patch-2.7.5/src/inp.c.selinux patch-2.7.5/src/inp.c
 --- patch-2.7.5/src/inp.c.selinux	2015-03-07 00:34:20.000000000 +0000
-+++ patch-2.7.5/src/inp.c	2015-03-08 16:01:17.738326810 +0000
++++ patch-2.7.5/src/inp.c	2015-03-09 09:29:46.084415918 +0000
 @@ -145,7 +145,7 @@ get_input_file (char const *filename, ch
      char *getbuf;
  
@@ -48,8 +48,8 @@ diff -up patch-2.7.5/src/inp.c.selinux patch-2.7.5/src/inp.c
      else if (! ((S_ISREG (file_type) || S_ISLNK (file_type))
  	        && (file_type & S_IFMT) == (instat.st_mode & S_IFMT)))
 diff -up patch-2.7.5/src/Makefile.am.selinux patch-2.7.5/src/Makefile.am
---- patch-2.7.5/src/Makefile.am.selinux	2015-03-08 16:01:17.738326810 +0000
-+++ patch-2.7.5/src/Makefile.am	2015-03-08 16:01:45.337183071 +0000
+--- patch-2.7.5/src/Makefile.am.selinux	2015-03-07 00:34:20.000000000 +0000
++++ patch-2.7.5/src/Makefile.am	2015-03-09 09:29:46.084415918 +0000
 @@ -37,7 +37,7 @@ patch_SOURCES = \
  
  AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib
@@ -60,8 +60,8 @@ diff -up patch-2.7.5/src/Makefile.am.selinux patch-2.7.5/src/Makefile.am
  if ENABLE_MERGE
    patch_SOURCES += merge.c
 diff -up patch-2.7.5/src/Makefile.in.selinux patch-2.7.5/src/Makefile.in
---- patch-2.7.5/src/Makefile.in.selinux	2015-03-08 16:01:17.738326810 +0000
-+++ patch-2.7.5/src/Makefile.in	2015-03-08 16:02:09.551057377 +0000
+--- patch-2.7.5/src/Makefile.in.selinux	2015-03-07 00:34:34.000000000 +0000
++++ patch-2.7.5/src/Makefile.in	2015-03-09 09:29:46.084415918 +0000
 @@ -1068,7 +1068,7 @@ patch_SOURCES = bestmatch.h common.h inp
  AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib \
  	$(am__append_2)
@@ -73,7 +73,7 @@ diff -up patch-2.7.5/src/Makefile.in.selinux patch-2.7.5/src/Makefile.in
  
 diff -up patch-2.7.5/src/patch.c.selinux patch-2.7.5/src/patch.c
 --- patch-2.7.5/src/patch.c.selinux	2015-03-07 00:34:20.000000000 +0000
-+++ patch-2.7.5/src/patch.c	2015-03-08 16:01:17.739326804 +0000
++++ patch-2.7.5/src/patch.c	2015-03-09 09:29:46.085415923 +0000
 @@ -263,19 +263,19 @@ main (int argc, char **argv)
  	  if (! strcmp (inname, outname))
  	    {
@@ -126,7 +126,7 @@ diff -up patch-2.7.5/src/patch.c.selinux patch-2.7.5/src/patch.c
      }
 diff -up patch-2.7.5/src/pch.c.selinux patch-2.7.5/src/pch.c
 --- patch-2.7.5/src/pch.c.selinux	2015-03-07 00:34:20.000000000 +0000
-+++ patch-2.7.5/src/pch.c	2015-03-08 16:01:17.739326804 +0000
++++ patch-2.7.5/src/pch.c	2015-03-09 09:29:46.085415923 +0000
 @@ -1,6 +1,6 @@
  /* reading patches */
  
@@ -204,28 +204,32 @@ diff -up patch-2.7.5/src/pch.c.selinux patch-2.7.5/src/pch.c
  
 diff -up patch-2.7.5/src/util.c.selinux patch-2.7.5/src/util.c
 --- patch-2.7.5/src/util.c.selinux	2015-03-07 00:34:20.000000000 +0000
-+++ patch-2.7.5/src/util.c	2015-03-08 16:04:27.633347234 +0000
-@@ -300,6 +300,19 @@ set_file_attributes (char const *to, enu
++++ patch-2.7.5/src/util.c	2015-03-09 09:36:02.025206352 +0000
+@@ -300,6 +300,23 @@ set_file_attributes (char const *to, enu
  		S_ISLNK (mode) ? "symbolic link" : "file",
  		quotearg (to));
      }
 +  if (attr & FA_SECCONTEXT)
 +    {
 +      security_context_t outcontext;
-+      if (incontext && getfilecon (to, &outcontext) != -1 &&
-+	  outcontext &&
-+	  strcmp (outcontext, incontext) &&
-+	  setfilecon (to, incontext) != 0)
++      if (incontext && getfilecon (to, &outcontext) != -1 && outcontext)
 +	{
-+	  if (errno != ENOTSUP && errno != EPERM)
-+	    pfatal ("Can't set security context on file %s",
-+		    quotearg (to));
++	  if (strcmp (outcontext, incontext) &&
++	      setfilecon (to, incontext) != 0)
++	    {
++	      freecon (outcontext);
++	      if (errno != ENOTSUP && errno != EPERM)
++		pfatal ("Can't set security context on file %s",
++			quotearg (to));
++	    }
++	  else
++	    freecon (outcontext);
 +	}
 +    }
  }
  
  static void
-@@ -446,7 +459,7 @@ move_file (char const *from, bool *from_
+@@ -446,7 +463,7 @@ move_file (char const *from, bool *from_
    struct stat to_st;
    int to_errno;
  
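Review bot: In the failure branch added to set_file_attributes, `freecon (outcontext)` is called before `errno` is compared with ENOTSUP/EPERM and before pfatal runs, so the value being tested may no longer be the one setfilecon left behind; releasing memory is not guaranteed to preserve errno on every libc. That test decides whether a file is silently left with a security context different from the input's or the run aborts, so it should see the original error: `int saved_errno = errno; freecon (outcontext); errno = saved_errno;`. Storing the setfilecon result in a local would also let a single freecon call replace the two duplicated ones. A short comment such as `/* ENOTSUP/EPERM: labelling unavailable or not permitted; keep the existing context */` would record why those two errors are tolerated. The function body begins outside this hunk, so how `incontext` is obtained and released is not visible here.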
@@ -234,7 +238,7 @@ diff -up patch-2.7.5/src/util.c.selinux patch-2.7.5/src/util.c
    if (backup)
      create_backup (to, to_errno ? NULL : &to_st, false);
    if (! to_errno)
-@@ -816,7 +829,8 @@ version_controller (char const *filename
+@@ -816,7 +833,8 @@ version_controller (char const *filename
     Return true if successful.  */
  bool
  version_get (char const *filename, char const *cs, bool exists, bool readonly,
@@ -244,7 +248,7 @@ diff -up patch-2.7.5/src/util.c.selinux patch-2.7.5/src/util.c
  {
    if (patch_get < 0)
      {
-@@ -841,6 +855,13 @@ version_get (char const *filename, char
+@@ -841,6 +859,13 @@ version_get (char const *filename, char
  	fatal ("Can't get file %s from %s", quotearg (filename), cs);
        if (safe_stat (filename, filestat) != 0)
  	pfatal ("%s", quotearg (filename));
@@ -258,7 +262,7 @@ diff -up patch-2.7.5/src/util.c.selinux patch-2.7.5/src/util.c
      }
  
    return 1;
-@@ -1664,12 +1685,28 @@ make_tempfile (char const **name, char l
+@@ -1664,12 +1689,28 @@ make_tempfile (char const **name, char l
    return fd;
  }
  
@@ -269,8 +273,7 @@ diff -up patch-2.7.5/src/util.c.selinux patch-2.7.5/src/util.c
      follow_symlinks ? safe_stat : safe_lstat;
 +  int (*xgetfilecon)(char const *, security_context_t *) =
 +    follow_symlinks ? getfilecon : lgetfilecon;
- 
--  return xstat (filename, st) == 0 ? 0 : errno;
++
 +  if (xstat (filename, st) == 0)
 +    {
 +      if (con)
@@ -278,7 +281,8 @@ diff -up patch-2.7.5/src/util.c.selinux patch-2.7.5/src/util.c
 +	  if (xgetfilecon (filename, con) != -1 ||
 +	      errno == ENODATA || errno == ENOTSUP)
 +	    return 0;
-+
+ 
+-  return xstat (filename, st) == 0 ? 0 : errno;
 +	  *con = NULL;
 +	}
 +      else
@@ -291,7 +295,7 @@ diff -up patch-2.7.5/src/util.c.selinux patch-2.7.5/src/util.c
  /* Check if a filename is relative and free of ".." components.
 diff -up patch-2.7.5/src/util.h.selinux patch-2.7.5/src/util.h
 --- patch-2.7.5/src/util.h.selinux	2015-01-31 21:14:01.000000000 +0000
-+++ patch-2.7.5/src/util.h	2015-03-08 16:01:17.740326799 +0000
++++ patch-2.7.5/src/util.h	2015-03-09 09:29:46.085415923 +0000
 @@ -44,7 +44,7 @@ char *parse_name (char const *, int, cha
  char *savebuf (char const *, size_t);
  char *savestr (char const *);
diff --git a/patch.spec b/patch.spec
index 714e1ac..14c26df 100644
--- a/patch.spec
+++ b/patch.spec
@@ -54,7 +54,8 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/*/*
 
 %changelog
-* Sun Mar  8 2015 Tim Waugh <twaugh at redhat.com> - 2.7.5-1
+* Mon Mar  9 2015 Tim Waugh <twaugh at redhat.com> - 2.7.5-1
+- Fixed memory leak in selinux patch.
 - 2.7.5, including an even better fix for CVE-2015-1196 that still
   allows relative symlinks to be created/used.
 

