- fix potential access of freed mem in ndb's glue code [bnc#1179416]
OBS-URL: https://build.opensuse.org/package/show/Base:System/rpm?expand=0&rev=565
142
ndbglue.diff
142
ndbglue.diff
@@ -1,135 +1,31 @@
|
|||||||
--- ./lib/backend/ndb/glue.c.orig
|
--- ./lib/backend/ndb/glue.c.orig 2021-01-05 15:36:03.097744355 +0000
|
||||||
+++ ./lib/backend/ndb/glue.c
|
+++ ./lib/backend/ndb/glue.c 2021-01-05 15:36:35.353659287 +0000
|
||||||
@@ -19,6 +19,8 @@ struct dbiCursor_s {
|
@@ -316,7 +316,7 @@ static rpmRC ndb_pkgdbPut(dbiIndex dbi,
|
||||||
const void *key;
|
|
||||||
unsigned int keylen;
|
|
||||||
unsigned int hdrNum;
|
|
||||||
+ void *data;
|
|
||||||
+ unsigned int datalen;
|
|
||||||
int flags;
|
|
||||||
|
|
||||||
unsigned int *list;
|
if (hnum == 0) {
|
||||||
@@ -33,7 +35,7 @@ struct ndbEnv_s {
|
rc = rpmpkgNextPkgIdx(dbc->dbi->dbi_db, &hnum);
|
||||||
int refs;
|
- if (!rc)
|
||||||
int dofsync;
|
+ if (!rc && ndbenv->hdrNum == hnum)
|
||||||
|
setdata(dbc, hnum, 0, 0);
|
||||||
- unsigned int hdrNum;
|
|
||||||
+ unsigned int hdrNum; /* free for adoption */
|
|
||||||
void *data;
|
|
||||||
unsigned int datalen;
|
|
||||||
};
|
|
||||||
@@ -278,6 +280,40 @@ static int ndb_Ctrl(rpmdb rdb, dbCtrlOp ctrl)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+static void setenvdata(struct ndbEnv_s *ndbenv, unsigned int hdrNum, unsigned char *hdrBlob, unsigned int hdrLen)
|
|
||||||
+{
|
|
||||||
+ if (ndbenv->data)
|
|
||||||
+ free(ndbenv->data);
|
|
||||||
+ ndbenv->hdrNum = hdrNum;
|
|
||||||
+ ndbenv->data = hdrBlob;
|
|
||||||
+ ndbenv->datalen = hdrLen;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void setdata(dbiCursor dbc, unsigned int hdrNum, unsigned char *hdrBlob, unsigned int hdrLen)
|
|
||||||
+{
|
|
||||||
+ struct ndbEnv_s *ndbenv = dbc->dbi->dbi_rpmdb->db_dbenv;
|
|
||||||
+ if (ndbenv->data)
|
|
||||||
+ setenvdata(ndbenv, 0, 0, 0); /* clear dbenv cache */
|
|
||||||
+ if (dbc->data)
|
|
||||||
+ free(dbc->data);
|
|
||||||
+ dbc->hdrNum = hdrNum;
|
|
||||||
+ dbc->data = hdrBlob;
|
|
||||||
+ dbc->datalen = hdrLen;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void adoptdata(dbiCursor dbc)
|
|
||||||
+{
|
|
||||||
+ struct ndbEnv_s *ndbenv = dbc->dbi->dbi_rpmdb->db_dbenv;
|
|
||||||
+ if (dbc->data)
|
|
||||||
+ free(dbc->data);
|
|
||||||
+ dbc->hdrNum = ndbenv->hdrNum;
|
|
||||||
+ dbc->data = ndbenv->data;
|
|
||||||
+ dbc->datalen = ndbenv->datalen;
|
|
||||||
+ ndbenv->hdrNum = 0;
|
|
||||||
+ ndbenv->data = 0;
|
|
||||||
+ ndbenv->datalen = 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static dbiCursor ndb_CursorInit(dbiIndex dbi, unsigned int flags)
|
|
||||||
{
|
|
||||||
dbiCursor dbc = xcalloc(1, sizeof(*dbc));
|
|
||||||
@@ -293,21 +329,17 @@ static dbiCursor ndb_CursorFree(dbiIndex dbi, dbiCursor dbc)
|
|
||||||
free(dbc->list);
|
|
||||||
if (dbc->listdata)
|
|
||||||
free(dbc->listdata);
|
|
||||||
+ if (dbc->data) {
|
|
||||||
+ /* release data into dbenv so that the next cursor can adopt it */
|
|
||||||
+ struct ndbEnv_s *ndbenv = dbc->dbi->dbi_rpmdb->db_dbenv;
|
|
||||||
+ setenvdata(ndbenv, dbc->hdrNum, dbc->data, dbc->datalen);
|
|
||||||
+ }
|
|
||||||
free(dbc);
|
|
||||||
}
|
}
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
@@ -325,7 +325,8 @@ static rpmRC ndb_pkgdbPut(dbiIndex dbi,
|
||||||
-static void setdata(dbiCursor dbc, unsigned int hdrNum, unsigned char *hdrBlob, unsigned int hdrLen)
|
|
||||||
-{
|
|
||||||
- struct ndbEnv_s *ndbenv = dbc->dbi->dbi_rpmdb->db_dbenv;
|
|
||||||
- if (ndbenv->data)
|
|
||||||
- free(ndbenv->data);
|
|
||||||
- ndbenv->hdrNum = hdrNum;
|
|
||||||
- ndbenv->data = hdrBlob;
|
|
||||||
- ndbenv->datalen = hdrLen;
|
|
||||||
-}
|
|
||||||
|
|
||||||
static rpmRC ndb_pkgdbPut(dbiIndex dbi, dbiCursor dbc, unsigned int *hdrNum, unsigned char *hdrBlob, unsigned int hdrLen)
|
|
||||||
{
|
|
||||||
@@ -324,7 +356,6 @@ static rpmRC ndb_pkgdbPut(dbiIndex dbi, dbiCursor dbc, unsigned int *hdrNum, un
|
|
||||||
rc = rpmpkgPut(dbc->dbi->dbi_db, hnum, hdrBlob, hdrLen);
|
|
||||||
|
|
||||||
if (!rc) {
|
if (!rc) {
|
||||||
- dbc->hdrNum = hnum;
|
dbc->hdrNum = hnum;
|
||||||
setdata(dbc, hnum, 0, 0);
|
- setdata(dbc, hnum, 0, 0);
|
||||||
|
+ if (ndbenv->hdrNum == hnum)
|
||||||
|
+ setdata(dbc, hnum, 0, 0);
|
||||||
*hdrNum = hnum;
|
*hdrNum = hnum;
|
||||||
}
|
}
|
||||||
@@ -333,7 +364,6 @@ static rpmRC ndb_pkgdbPut(dbiIndex dbi, dbiCursor dbc, unsigned int *hdrNum, un
|
return rc;
|
||||||
|
@@ -334,7 +335,8 @@ static rpmRC ndb_pkgdbPut(dbiIndex dbi,
|
||||||
static rpmRC ndb_pkgdbDel(dbiIndex dbi, dbiCursor dbc, unsigned int hdrNum)
|
static rpmRC ndb_pkgdbDel(dbiIndex dbi, dbiCursor dbc, unsigned int hdrNum)
|
||||||
{
|
{
|
||||||
- dbc->hdrNum = 0;
|
dbc->hdrNum = 0;
|
||||||
setdata(dbc, 0, 0, 0);
|
- setdata(dbc, 0, 0, 0);
|
||||||
|
+ if (ndbenv->hdrNum == hnum)
|
||||||
|
+ setdata(dbc, 0, 0, 0);
|
||||||
return rpmpkgDel(dbc->dbi->dbi_db, hdrNum);
|
return rpmpkgDel(dbc->dbi->dbi_db, hdrNum);
|
||||||
}
|
}
|
||||||
@@ -362,7 +392,6 @@ static rpmRC ndb_pkgdbIter(dbiIndex dbi, dbiCursor dbc, unsigned char **hdrBlob,
|
|
||||||
break;
|
|
||||||
dbc->ilist++;
|
|
||||||
if (!rc) {
|
|
||||||
- dbc->hdrNum = hdrNum;
|
|
||||||
setdata(dbc, hdrNum, *hdrBlob, *hdrLen);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
@@ -377,16 +406,16 @@ static rpmRC ndb_pkgdbGet(dbiIndex dbi, dbiCursor dbc, unsigned int hdrNum, unsi
|
|
||||||
|
|
||||||
if (!hdrNum)
|
|
||||||
return ndb_pkgdbIter(dbi, dbc, hdrBlob, hdrLen);
|
|
||||||
- if (hdrNum == ndbenv->hdrNum && ndbenv->data) {
|
|
||||||
- *hdrBlob = ndbenv->data;
|
|
||||||
- *hdrLen = ndbenv->datalen;
|
|
||||||
+ if (!dbc->data && ndbenv->data)
|
|
||||||
+ adoptdata(dbc);
|
|
||||||
+ if (dbc->data && hdrNum == dbc->hdrNum) {
|
|
||||||
+ *hdrBlob = dbc->data;
|
|
||||||
+ *hdrLen = dbc->datalen;
|
|
||||||
return RPMRC_OK;
|
|
||||||
}
|
|
||||||
rc = rpmpkgGet(dbc->dbi->dbi_db, hdrNum, hdrBlob, hdrLen);
|
|
||||||
- if (!rc) {
|
|
||||||
- dbc->hdrNum = hdrNum;
|
|
||||||
+ if (!rc)
|
|
||||||
setdata(dbc, hdrNum, *hdrBlob, *hdrLen);
|
|
||||||
- }
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
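Review bot: In the `ndb_pkgdbDel` hunk of the new patch, the added guard `if (ndbenv->hdrNum == hnum)` uses `hnum` and `ndbenv`, but the function's parameter is `hdrNum` and the visible context declares no `ndbenv` local, so the patched glue.c looks like it will not compile as written. The guard presumably needs `struct ndbEnv_s *ndbenv = dbc->dbi->dbi_rpmdb->db_dbenv;` at the top of the function and `if (ndbenv->hdrNum == hdrNum)` as the condition, so that deleting a header drops a cached blob for that same header. The two `ndb_pkgdbPut` hunks rely on the same `ndbenv` name, and that function starts above the hunk, so its declaration should be confirmed there as well. Because the change exists to stop a freed cached blob from being handed back to callers, building the patched file and running the put/get/delete path under AddressSanitizer would be a worthwhile check before this revision ships.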
@@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package python-rpm
|
# spec file for package python-rpm
|
||||||
#
|
#
|
||||||
# Copyright (c) 2020 SUSE LLC
|
# Copyright (c) 2021 SUSE LLC
|
||||||
# Copyright (c) 2017 Neal Gompa <ngompa13@gmail.com>.
|
# Copyright (c) 2017 Neal Gompa <ngompa13@gmail.com>.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
@@ -1,7 +1,7 @@
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Dec 21 16:29:40 CET 2020 - mls@suse.de
|
Mon Dec 21 16:29:40 CET 2020 - mls@suse.de
|
||||||
|
|
||||||
- rework header data handling in ndb's glue code [bnc#1179416]
|
- fix potential access of freed mem in ndb's glue code [bnc#1179416]
|
||||||
* new patch: ndbglue.diff
|
* new patch: ndbglue.diff
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
|
2
rpm.spec
2
rpm.spec
@@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package rpm
|
# spec file for package rpm
|
||||||
#
|
#
|
||||||
# Copyright (c) 2020 SUSE LLC
|
# Copyright (c) 2021 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|