diff --git a/gptfdisk-fix-null-pointer-dereference.patch b/gptfdisk-fix-null-pointer-dereference.patch new file mode 100644 index 0000000..6766772 --- /dev/null +++ b/gptfdisk-fix-null-pointer-dereference.patch @@ -0,0 +1,37 @@ +From f5de3401b974ce103ffd93af8f9d43505a04aaf9 Mon Sep 17 00:00:00 2001 +From: Damian Kurek +Date: Thu, 7 Jul 2022 03:39:16 +0000 +Subject: [PATCH] Fix NULL dereference when duplicating string argument + +poptGetArg can return NULL if there are no additional arguments, which +makes strdup dereference NULL on strlen +--- + gptcl.cc | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/gptcl.cc b/gptcl.cc +index 0d578eb..ab95239 100644 +--- a/gptcl.cc ++++ b/gptcl.cc +@@ -155,10 +155,11 @@ int GPTDataCL::DoOptions(int argc, char* argv[]) { + } // while + + // Assume first non-option argument is the device filename.... +- device = strdup((char*) poptGetArg(poptCon)); +- poptResetContext(poptCon); ++ device = (char*) poptGetArg(poptCon); + + if (device != NULL) { ++ device = strdup(device); ++ poptResetContext(poptCon); + JustLooking(); // reset as necessary + BeQuiet(); // Tell called functions to be less verbose & interactive + if (LoadPartitions((string) device)) { +@@ -498,6 +499,7 @@ int GPTDataCL::DoOptions(int argc, char* argv[]) { + cerr << "Error encountered; not saving changes.\n"; + retval = 4; + } // if ++ free(device); + } // if (device != NULL) + poptFreeContext(poptCon); + return retval; diff --git a/gptfdisk.changes b/gptfdisk.changes index 23f2824..3ca1e54 100644 --- a/gptfdisk.changes +++ b/gptfdisk.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Mar 7 02:57:27 UTC 2023 - Alynx Zhou + +- Add gptfdisk-fix-null-pointer-dereference.patch: Fix NULL pointer + dereference in pervious patch, poptGetArg can return NULL so we + should not pass it to strdup directly (bsc#1208877). + ------------------------------------------------------------------- Fri Sep 30 11:17:17 UTC 2022 - Fabian Vogt diff --git a/gptfdisk.spec b/gptfdisk.spec index 32ffd8e..36a19b6 100644 --- a/gptfdisk.spec +++ b/gptfdisk.spec @@ -1,7 +1,7 @@ # # spec file for package gptfdisk # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,8 @@ URL: http://rodsbooks.com/gdisk #Git-Web: https://sourceforge.net/p/gptfdisk/code/ci/master/tree/ Source: https://downloads.sf.net/%name/%name-%version.tar.gz Patch1: 0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch +# PATCH-FIX-UPSTREAM gptfdisk-fix-null-pointer-dereference.patch bsc#1208877 alynx.zhou@suse.com -- Fix NULL pointer dereference in previous patch +Patch2: gptfdisk-fix-null-pointer-dereference.patch BuildRequires: gcc-c++ BuildRequires: ncurses-devel BuildRequires: pkgconfig(popt)