From 4b7b124d75894dcca8590ba351fc6524973ff80b Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: May 03 2021 15:54:40 +0000
Subject: Resolves: #1938699 - http2: fix resource leaks detected by Coverity
---
diff --git a/0001-curl-7.76.1-resource-leaks.patch b/0001-curl-7.76.1-resource-leaks.patch
new file mode 100644
index 0000000..3fd4f40
--- /dev/null
+++ b/0001-curl-7.76.1-resource-leaks.patch
@@ -0,0 +1,133 @@
+From 2281afef6757ed66c9e8a9a737aa91cb9e2950ef Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Fri, 30 Apr 2021 18:14:45 +0200
+Subject: [PATCH 1/2] http2: fix resource leaks in set_transfer_url()
+
+... detected by Coverity:
+
+Error: RESOURCE_LEAK (CWE-772):
+lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
+lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
+lib/http2.c:486: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
+lib/http2.c:488: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
+
+Error: RESOURCE_LEAK (CWE-772):
+lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
+lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
+lib/http2.c:493: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
+lib/http2.c:495: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
+
+Error: RESOURCE_LEAK (CWE-772):
+lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
+lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
+lib/http2.c:500: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
+lib/http2.c:502: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
+
+Error: RESOURCE_LEAK (CWE-772):
+lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
+lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
+lib/http2.c:505: noescape: Resource "u" is not freed or pointed-to in "curl_url_get". [Note: The source code implementation of the function has been overridden by a builtin model.]
+lib/http2.c:507: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
+
+Closes #6986
+
+Upstream-commit: 31931704707324af4b4edb24cc877829f7e9949e
+Signed-off-by: Kamil Dudka
+---
+ lib/http2.c | 24 +++++++++++++++++-------
+ 1 file changed, 17 insertions(+), 7 deletions(-)
+
+diff --git a/lib/http2.c b/lib/http2.c
+index ce9a0d3..d5ba89b 100644
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -500,32 +500,42 @@ static int set_transfer_url(struct Curl_easy *data,
+ CURLU *u = curl_url();
+ CURLUcode uc;
+ char *url;
++ int rc = 0;
+
+ v = curl_pushheader_byname(hp, ":scheme");
+ if(v) {
+ uc = curl_url_set(u, CURLUPART_SCHEME, v, 0);
+- if(uc)
+- return 1;
++ if(uc) {
++ rc = 1;
++ goto fail;
++ }
+ }
+
+ v = curl_pushheader_byname(hp, ":authority");
+ if(v) {
+ uc = curl_url_set(u, CURLUPART_HOST, v, 0);
+- if(uc)
+- return 2;
++ if(uc) {
++ rc = 2;
++ goto fail;
++ }
+ }
+
+ v = curl_pushheader_byname(hp, ":path");
+ if(v) {
+ uc = curl_url_set(u, CURLUPART_PATH, v, 0);
+- if(uc)
+- return 3;
++ if(uc) {
++ rc = 3;
++ goto fail;
++ }
+ }
+
+ uc = curl_url_get(u, CURLUPART_URL, &url, 0);
+ if(uc)
+- return 4;
++ rc = 4;
++ fail:
+ curl_url_cleanup(u);
++ if(rc)
++ return rc;
+
+ if(data->state.url_alloc)
+ free(data->state.url);
+--
+2.30.2
+
+
+From 92ad72983f8462be1d5a5228672657ddf4d7ed72 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Fri, 30 Apr 2021 18:18:02 +0200
+Subject: [PATCH 2/2] http2: fix a resource leak in push_promise()
+
+... 
detected by Coverity:
+
+Error: RESOURCE_LEAK (CWE-772):
+lib/http2.c:532: alloc_fn: Storage is returned from allocation function "duphandle".
+lib/http2.c:532: var_assign: Assigning: "newhandle" = storage returned from "duphandle(data)".
+lib/http2.c:552: noescape: Resource "newhandle" is not freed or pointed-to in "set_transfer_url".
+lib/http2.c:555: leaked_storage: Variable "newhandle" going out of scope leaks the storage it points to.
+
+Closes #6986
+
+Upstream-commit: 3a6058cb976981ec1db870f9657c73c9a1162822
+Signed-off-by: Kamil Dudka
+---
+ lib/http2.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/http2.c b/lib/http2.c
+index d5ba89b..d0f69ea 100644
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -581,6 +581,7 @@ static int push_promise(struct Curl_easy *data,
+
+ rv = set_transfer_url(newhandle, &heads);
+ if(rv) {
++ (void)Curl_close(&newhandle);
+ rv = CURL_PUSH_DENY;
+ goto fail;
+ }
+--
+2.30.2
+
diff --git a/curl.spec b/curl.spec
index 1eaa8ba..f8b0c24 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,10 +1,13 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.76.1 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT Source: https://curl.se/download/%{name}-%{version}.tar.xz +# http2: fix resource leaks detected by Coverity +Patch1: 0001-curl-7.76.1-resource-leaks.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch
@@ -180,6 +183,7 @@ be installed. %setup -q # upstream patches +%patch1 -p1 # Fedora patches %patch101 -p1
@@ -360,6 +364,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Mon May 03 2021 Kamil Dudka - 7.76.1-2 +- http2: fix resource leaks detected by Coverity + * Wed Apr 14 2021 Kamil Dudka - 7.76.1-1 - new upstream release
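Review bot: `set_transfer_url()` in the first embedded patch still passes the result of `curl_url()` straight to `curl_url_set()`/`curl_url_get()` without a NULL check, so an out-of-memory condition is only caught if those calls reject a NULL handle, which the hunk does not show. The pseudo-headers handled here are supplied by the peer, so this is a failure path worth making explicit with `if(!u) return 5;` placed after the declarations; `push_promise()` only tests `rv` for non-zero, so a new code does not change the caller shown. The `fail:` label is also reached on success, and a name such as `out:` or a comment `/* also reached on success; rc decides */` would keep later edits from putting error-only code under it. In the second patch the handle is closed inline before `goto fail`, and since `push_promise()` continues outside the hunk, other exits taken after `duphandle()` cannot be confirmed from here and deserve the same check.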