Accepting request 1069782 from home:AZhou:branches:filesystems

- Add gptfdisk-fix-null-pointer-dereference.patch: Fix NULL pointer dereference in pervious patch, poptGetArg can return NULL so we should not pass it to strdup directly (bsc#1208877). OBS-URL: https://build.opensuse.org/request/show/1069782 OBS-URL: https://build.opensuse.org/package/show/filesystems/gptfdisk?expand=0&rev=24
2023-03-07 08:23:30 +00:00 · 2023-03-07 08:23:30 +00:00 · fa00c5e951
commit fa00c5e951
parent 61a9943f7e
3 changed files with 47 additions and 1 deletions
--- a/gptfdisk-fix-null-pointer-dereference.patch
+++ b/gptfdisk-fix-null-pointer-dereference.patch
@ -0,0 +1,37 @@
+From f5de3401b974ce103ffd93af8f9d43505a04aaf9 Mon Sep 17 00:00:00 2001
+From: Damian Kurek <starfire24680@gmail.com>
+Date: Thu, 7 Jul 2022 03:39:16 +0000
+Subject: [PATCH] Fix NULL dereference when duplicating string argument
+
+poptGetArg can return NULL if there are no additional arguments, which
+makes strdup dereference NULL on strlen
+---
+ gptcl.cc | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/gptcl.cc b/gptcl.cc
+index 0d578eb..ab95239 100644
+--- a/gptcl.cc
+++ b/gptcl.cc
+@@ -155,10 +155,11 @@ int GPTDataCL::DoOptions(int argc, char* argv[]) {
+    } // while
+ 
+    // Assume first non-option argument is the device filename....
+-   device = strdup((char*) poptGetArg(poptCon));
+-   poptResetContext(poptCon);
+   device = (char*) poptGetArg(poptCon);
+ 
+    if (device != NULL) {
+      device = strdup(device);
+      poptResetContext(poptCon);
+       JustLooking(); // reset as necessary
+       BeQuiet(); // Tell called functions to be less verbose & interactive
+       if (LoadPartitions((string) device)) {
+@@ -498,6 +499,7 @@ int GPTDataCL::DoOptions(int argc, char* argv[]) {
+          cerr << "Error encountered; not saving changes.\n";
+          retval = 4;
+       } // if
+      free(device);
+    } // if (device != NULL)
+    poptFreeContext(poptCon);
+    return retval;
--- a/gptfdisk.changes
+++ b/gptfdisk.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Mar  7 02:57:27 UTC 2023 - Alynx Zhou <alynx.zhou@suse.com>
+
+- Add gptfdisk-fix-null-pointer-dereference.patch: Fix NULL pointer
+  dereference in pervious patch, poptGetArg can return NULL so we
+  should not pass it to strdup directly (bsc#1208877).
+
 -------------------------------------------------------------------
 Fri Sep 30 11:17:17 UTC 2022 - Fabian Vogt <fvogt@suse.com>

--- a/gptfdisk.spec
+++ b/gptfdisk.spec
@ -1,7 +1,7 @@
 #
 # spec file for package gptfdisk
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -27,6 +27,8 @@ URL:            http://rodsbooks.com/gdisk
 #Git-Web:       https://sourceforge.net/p/gptfdisk/code/ci/master/tree/
 Source:         https://downloads.sf.net/%name/%name-%version.tar.gz
 Patch1:         0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch
+# PATCH-FIX-UPSTREAM gptfdisk-fix-null-pointer-dereference.patch bsc#1208877 alynx.zhou@suse.com -- Fix NULL pointer dereference in previous patch
+Patch2:         gptfdisk-fix-null-pointer-dereference.patch
 BuildRequires:  gcc-c++
 BuildRequires:  ncurses-devel
 BuildRequires:  pkgconfig(popt)