commit: 24195ad7e78da44b9a5856d227c592ab9482ab49 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> AuthorDate: Sat Feb 17 12:03:32 2018 +0000 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> CommitDate: Sat Feb 17 13:37:21 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24195ad7
dev-libs/libtar: Fix various memleaks and filedescriptor-leaks Thanks-to: Michał Łyszczek <michal.lyszczek <AT> gmail.com> Closes: https://bugs.gentoo.org/613438 Package-Manager: Portage-2.3.24, Repoman-2.3.6 .../libtar/files/libtar-1.2.20-bin-memleaks.patch | 117 +++++++++++++++++++++ dev-libs/libtar/files/libtar-1.2.20-fd-leaks.patch | 98 +++++++++++++++++ .../files/libtar-1.2.20-tar_open-memleak.patch | 24 +++++ dev-libs/libtar/libtar-1.2.20-r4.ebuild | 3 + 4 files changed, 242 insertions(+) diff --git a/dev-libs/libtar/files/libtar-1.2.20-bin-memleaks.patch b/dev-libs/libtar/files/libtar-1.2.20-bin-memleaks.patch new file mode 100644 index 00000000000..b6195da88d9 --- /dev/null +++ b/dev-libs/libtar/files/libtar-1.2.20-bin-memleaks.patch @@ -0,0 +1,117 @@ +From f3c711cf3054ff366a1a3500cdc8c64ecc2d2da6 Mon Sep 17 00:00:00 2001 +From: Huzaifa Sidhpurwala <[email protected]> +Date: Tue, 15 Oct 2013 20:05:04 -0400 +Subject: [PATCH] fix memleaks in libtar sample program + +--- + libtar/libtar.c | 29 ++++++++++++++++++----------- + 1 file changed, 18 insertions(+), 11 deletions(-) + +diff --git a/libtar/libtar.c b/libtar/libtar.c +index bb5644c..23f8741 100644 +--- a/libtar/libtar.c ++++ b/libtar/libtar.c +@@ -253,6 +253,7 @@ extract(char *tarfile, char *rootdir) + if (tar_extract_all(t, rootdir) != 0) + { + fprintf(stderr, "tar_extract_all(): %s\n", strerror(errno)); ++ tar_close(t); + return -1; + } + +@@ -270,12 +271,13 @@ extract(char *tarfile, char *rootdir) + + + void +-usage() ++usage(void *rootdir) + { + printf("Usage: %s [-C rootdir] [-g] [-z] -x|-t filename.tar\n", + progname); + printf(" %s [-C rootdir] [-g] [-z] -c filename.tar ...\n", + progname); ++ free(rootdir); + exit(-1); + } + +@@ -292,6 +294,7 @@ main(int argc, char *argv[]) + int c; + int mode = 0; + libtar_list_t *l; ++ int return_code = -2; + + progname = basename(argv[0]); + +@@ -313,17 +316,17 @@ main(int argc, char *argv[]) + break; + case 'c': + if (mode) +- usage(); ++ usage(rootdir); + mode = MODE_CREATE; + break; + case 'x': + if (mode) +- usage(); ++ usage(rootdir); + mode = MODE_EXTRACT; + break; + case 't': + if (mode) +- usage(); ++ usage(rootdir); + mode = MODE_LIST; + break; + #ifdef HAVE_LIBZ +@@ -332,7 +335,7 @@ main(int argc, char *argv[]) + break; + #endif /* HAVE_LIBZ */ + default: +- usage(); ++ usage(rootdir); + } + + if (!mode || ((argc - optind) < (mode == MODE_CREATE ? 2 : 1))) +@@ -341,7 +344,7 @@ main(int argc, char *argv[]) + printf("argc - optind == %d\tmode == %d\n", argc - optind, + mode); + #endif +- usage(); ++ usage(rootdir); + } + + #ifdef DEBUG +@@ -351,21 +354,25 @@ main(int argc, char *argv[]) + switch (mode) + { + case MODE_EXTRACT: +- return extract(argv[optind], rootdir); ++ return_code = extract(argv[optind], rootdir); ++ break; + case MODE_CREATE: + tarfile = argv[optind]; + l = libtar_list_new(LIST_QUEUE, NULL); + for (c = optind + 1; c < argc; c++) + libtar_list_add(l, argv[c]); +- return create(tarfile, rootdir, l); ++ return_code = create(tarfile, rootdir, l); ++ libtar_list_free(l, NULL); ++ break; + case MODE_LIST: +- return list(argv[optind]); ++ return_code = list(argv[optind]); ++ break; + default: + break; + } + +- /* NOTREACHED */ +- return -2; ++ free(rootdir); ++ return return_code; + } + + +-- +2.10.5.GIT + diff --git a/dev-libs/libtar/files/libtar-1.2.20-fd-leaks.patch b/dev-libs/libtar/files/libtar-1.2.20-fd-leaks.patch new file mode 100644 index 00000000000..816c9692551 --- /dev/null +++ b/dev-libs/libtar/files/libtar-1.2.20-fd-leaks.patch @@ -0,0 +1,98 @@ +From abd0274e6b2f708e9eaa29414b07b3f542cec694 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <[email protected]> +Date: Tue, 15 Oct 2013 19:48:41 -0400 +Subject: [PATCH] fix file descriptor leaks reported by cppcheck + +Bug: https://bugzilla.redhat.com/785760 +--- + lib/append.c | 14 +++++++++----- + lib/extract.c | 4 ++++ + libtar/libtar.c | 3 +++ + 3 files changed, 16 insertions(+), 5 deletions(-) + +diff --git a/lib/append.c b/lib/append.c +index e8bd89d..ff58532 100644 +--- a/lib/append.c ++++ b/lib/append.c +@@ -216,6 +216,7 @@ tar_append_regfile(TAR *t, const char *realname) + int filefd; + int i, j; + size_t size; ++ int rv = -1; + + filefd = open(realname, O_RDONLY); + if (filefd == -1) +@@ -234,25 +235,28 @@ tar_append_regfile(TAR *t, const char *realname) + { + if (j != -1) + errno = EINVAL; +- return -1; ++ goto fail; + } + if (tar_block_write(t, &block) == -1) +- return -1; ++ goto fail; + } + + if (i > 0) + { + j = read(filefd, &block, i); + if (j == -1) +- return -1; ++ goto fail; + memset(&(block[i]), 0, T_BLOCKSIZE - i); + if (tar_block_write(t, &block) == -1) +- return -1; ++ goto fail; + } + ++ /* success! */ ++ rv = 0; ++fail: + close(filefd); + +- return 0; ++ return rv; + } + + +diff --git a/lib/extract.c b/lib/extract.c +index 36357e7..9fc6ad5 100644 +--- a/lib/extract.c ++++ b/lib/extract.c +@@ -228,13 +228,17 @@ tar_extract_regfile(TAR *t, char *realname) + { + if (k != -1) + errno = EINVAL; ++ close(fdout); + return -1; + } + + /* write block to output file */ + if (write(fdout, buf, + ((i > T_BLOCKSIZE) ? T_BLOCKSIZE : i)) == -1) ++ { ++ close(fdout); + return -1; ++ } + } + + /* close output file */ +diff --git a/libtar/libtar.c b/libtar/libtar.c +index 9fa92b2..bb5644c 100644 +--- a/libtar/libtar.c ++++ b/libtar/libtar.c +@@ -83,7 +83,10 @@ gzopen_frontend(char *pathname, int oflags, int mode) + return -1; + + if ((oflags & O_CREAT) && fchmod(fd, mode)) ++ { ++ close(fd); + return -1; ++ } + + gzf = gzdopen(fd, gzoflags); + if (!gzf) +-- +2.10.5.GIT + diff --git a/dev-libs/libtar/files/libtar-1.2.20-tar_open-memleak.patch b/dev-libs/libtar/files/libtar-1.2.20-tar_open-memleak.patch new file mode 100644 index 00000000000..b2a1209f3fc --- /dev/null +++ b/dev-libs/libtar/files/libtar-1.2.20-tar_open-memleak.patch @@ -0,0 +1,24 @@ +From 36629a41208375f5105427e98078127551692028 Mon Sep 17 00:00:00 2001 +From: Huzaifa Sidhpurwala <[email protected]> +Date: Tue, 15 Oct 2013 20:02:58 -0400 +Subject: [PATCH] fix memleak on tar_open() failure + +--- + lib/handle.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/handle.c b/lib/handle.c +index 33a262c..002d23c 100644 +--- a/lib/handle.c ++++ b/lib/handle.c +@@ -82,6 +82,7 @@ tar_open(TAR **t, const char *pathname, tartype_t *type, + (*t)->fd = (*((*t)->type->openfunc))(pathname, oflags, mode); + if ((*t)->fd == -1) + { ++ libtar_hash_free((*t)->h, NULL); + free(*t); + return -1; + } +-- +2.10.5.GIT + diff --git a/dev-libs/libtar/libtar-1.2.20-r4.ebuild b/dev-libs/libtar/libtar-1.2.20-r4.ebuild index 5f441bbfa57..eccd392e3ba 100644 --- a/dev-libs/libtar/libtar-1.2.20-r4.ebuild +++ b/dev-libs/libtar/libtar-1.2.20-r4.ebuild @@ -33,6 +33,9 @@ PATCHES=( "${FILESDIR}"/${PN}-1.2.11-free.patch "${FILESDIR}"/${PN}-1.2.11-impl-dec.patch "${FILESDIR}"/CVE-2013-4420.patch + "${FILESDIR}"/${P}-fd-leaks.patch + "${FILESDIR}"/${P}-tar_open-memleak.patch + "${FILESDIR}"/${P}-bin-memleaks.patch ) src_prepare() {
