aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/libcomps/libcomps/CVE-2019-3817.patch
blob: b8cfb3c4dbb318581a9217395cc20c769e484682 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
From cea10cd1f2ef6bb4edaac0c1d46d47bf237c42b8 Mon Sep 17 00:00:00 2001
From: Riccardo Schirone <rschiron@redhat.com>
Date: Mon, 21 Jan 2019 18:11:42 +0100
Subject: [PATCH] Fix UAF in comps_objmrtree_unite function

The added field is not used at all in many places and it is probably the
left-over of some copy-paste.

Upstream-Status: Backport
[https://github.com/rpm-software-management/libcomps/commit
/e3a5d056633677959ad924a51758876d415e7046]

CVE: CVE-2019-3817

Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
---
 libcomps/src/comps_mradix.c    | 2 --
 libcomps/src/comps_objmradix.c | 2 --
 libcomps/src/comps_objradix.c  | 2 --
 libcomps/src/comps_radix.c     | 1 -
 4 files changed, 7 deletions(-)

diff --git a/libcomps/src/comps_mradix.c b/libcomps/src/comps_mradix.c
index 338cb07..6ceb7c9 100644
--- a/libcomps/src/comps_mradix.c
+++ b/libcomps/src/comps_mradix.c
@@ -177,7 +177,6 @@ void comps_mrtree_unite(COMPS_MRTree *rt1, COMPS_MRTree *rt2) {
     struct Pair {
         COMPS_HSList * subnodes;
         char * key;
-        char added;
     } *pair, *parent_pair;
 
     pair = malloc(sizeof(struct Pair));
@@ -195,7 +194,6 @@ void comps_mrtree_unite(COMPS_MRTree *rt1, COMPS_MRTree *rt2) {
         parent_pair = (struct Pair*) it->data;
         free(it);
 
-        pair->added = 0;
         for (it = tmp_subnodes->first; it != NULL; it=it->next) {
             pair = malloc(sizeof(struct Pair));
             pair->subnodes = ((COMPS_MRTreeData*)it->data)->subnodes;
diff --git a/libcomps/src/comps_objmradix.c b/libcomps/src/comps_objmradix.c
index 9be6648..8771c89 100644
--- a/libcomps/src/comps_objmradix.c
+++ b/libcomps/src/comps_objmradix.c
@@ -285,7 +285,6 @@ void comps_objmrtree_unite(COMPS_ObjMRTree *rt1, COMPS_ObjMRTree *rt2) {
     struct Pair {
         COMPS_HSList * subnodes;
         char * key;
-        char added;
     } *pair, *parent_pair;
 
     pair = malloc(sizeof(struct Pair));
@@ -303,7 +302,6 @@ void comps_objmrtree_unite(COMPS_ObjMRTree *rt1, COMPS_ObjMRTree *rt2) {
         parent_pair = (struct Pair*) it->data;
         free(it);
 
-        pair->added = 0;
         for (it = tmp_subnodes->first; it != NULL; it=it->next) {
             pair = malloc(sizeof(struct Pair));
             pair->subnodes = ((COMPS_ObjMRTreeData*)it->data)->subnodes;
diff --git a/libcomps/src/comps_objradix.c b/libcomps/src/comps_objradix.c
index a790270..0ebaf22 100644
--- a/libcomps/src/comps_objradix.c
+++ b/libcomps/src/comps_objradix.c
@@ -692,7 +692,6 @@ void comps_objrtree_unite(COMPS_ObjRTree *rt1, COMPS_ObjRTree *rt2) {
     struct Pair {
         COMPS_HSList * subnodes;
         char * key;
-        char added;
     } *pair, *parent_pair;
 
     pair = malloc(sizeof(struct Pair));
@@ -711,7 +710,6 @@ void comps_objrtree_unite(COMPS_ObjRTree *rt1, COMPS_ObjRTree *rt2) {
         //printf("key-part:%s\n", parent_pair->key);
         free(it);
 
-        //pair->added = 0;
         for (it = tmp_subnodes->first; it != NULL; it=it->next) {
             pair = malloc(sizeof(struct Pair));
             pair->subnodes = ((COMPS_ObjRTreeData*)it->data)->subnodes;
diff --git a/libcomps/src/comps_radix.c b/libcomps/src/comps_radix.c
index ada4fda..05dcaf2 100644
--- a/libcomps/src/comps_radix.c
+++ b/libcomps/src/comps_radix.c
@@ -529,7 +529,6 @@ void comps_rtree_unite(COMPS_RTree *rt1, COMPS_RTree *rt2) {
     struct Pair {
         COMPS_HSList * subnodes;
         char * key;
-        char added;
     } *pair, *parent_pair;
 
     pair = malloc(sizeof(struct Pair));
-- 
2.22.0