From 1a69b38e16824165f458ab7b62b2f6bba453d9a0 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Jan 27 2021 16:32:37 +0000 Subject: Suppress intentional memleak in getprogname emulation (#1905581) --- diff --git a/p11-kit-0.23.22-progname-leak.patch b/p11-kit-0.23.22-progname-leak.patch new file mode 100644 index 0000000..0f1dd6e --- /dev/null +++ b/p11-kit-0.23.22-progname-leak.patch @@ -0,0 +1,87 @@ +From 40fbf74b02b8ad6625e3aa49d2cdef2b52e47a04 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 25 Jan 2021 18:24:01 +0100 +Subject: [PATCH] compat: Pacify ASan complaints on intentionally leaked buffer + +Reported by Viktor Ashirov in: +https://bugzilla.redhat.com/show_bug.cgi?id=1905581 +--- + common/compat.c | 25 +++++++++++++++++++------ + common/library.c | 9 +++++++++ + 2 files changed, 28 insertions(+), 6 deletions(-) + +diff --git a/common/compat.c b/common/compat.c +index 4390cef..d6c5af6 100644 +--- a/common/compat.c ++++ b/common/compat.c +@@ -100,6 +100,19 @@ extern char *program_invocation_short_name; + extern char *__progname; + #endif + ++#ifdef __linux__ ++/* This symbol is also defined in library.c so as to be freed by the library ++ * destructor. If weak symbols are not supported nor library.c is not linked we ++ * simply leak the memory allocated with realpath(). */ ++#ifdef __GNUC__ ++extern char *p11_program_realpath; ++ ++char *p11_program_realpath __attribute__((weak)); ++#else ++static char *p11_program_realpath; ++#endif ++#endif ++ + const char * + getprogname (void) + { +@@ -124,14 +137,14 @@ getprogname (void) + * Logic borrowed from: + * . + */ +- static char *buf; +- +- if (!buf) +- buf = realpath ("/proc/self/exe", NULL); ++ if (!p11_program_realpath) ++ p11_program_realpath = realpath ("/proc/self/exe", NULL); + +- if (buf && strncmp (buf, name, strlen (buf)) == 0) ++ if (p11_program_realpath && ++ strncmp (p11_program_realpath, name, ++ strlen (p11_program_realpath)) == 0) + /* Use the executable path if the prefix matches. */ +- name = strrchr (buf, '/') + 1; ++ name = strrchr (p11_program_realpath, '/') + 1; + else + /* Otherwise fall back to + * program_invocation_short_name. */ +diff --git a/common/library.c b/common/library.c +index 891344a..1581702 100644 +--- a/common/library.c ++++ b/common/library.c +@@ -82,6 +82,11 @@ unsigned int p11_forkid = 1; + extern locale_t p11_message_locale; + #endif + ++#ifdef __linux__ ++/* used only under __linux__ in the getprogname() emulation in compat.c. */ ++char *p11_program_realpath; ++#endif ++ + static char * + thread_local_message (void) + { +@@ -190,6 +195,10 @@ p11_library_uninit (void) + #endif + p11_mutex_uninit (&p11_virtual_mutex); + p11_mutex_uninit (&p11_library_mutex); ++ ++#ifdef __linux__ ++ free (p11_program_realpath); ++#endif + } + + #endif /* OS_UNIX */ +-- +2.29.2 + diff --git a/p11-kit.spec b/p11-kit.spec index 6f0f9a2..b49219a 100644 --- a/p11-kit.spec +++ b/p11-kit.spec @@ -1,6 +1,6 @@ # This spec file has been automatically updated Version: 0.23.22 -Release: 2%{?dist} +Release: 3%{?dist} Name: p11-kit Summary: Library for loading and sharing PKCS#11 modules @@ -11,6 +11,7 @@ Source1: https://github.com/p11-glue/p11-kit/releases/download/%{version} Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg Source3: trust-extract-compat Source4: p11-kit-client.service +Patch0: p11-kit-0.23.22-progname-leak.patch BuildRequires: gcc BuildRequires: libtasn1-devel >= 2.3 @@ -152,6 +153,9 @@ fi %changelog +* Tue Jan 26 2021 Daiki Ueno - 0.23.22-3 +- Suppress intentional memleak in getprogname emulation (#1905581) + * Tue Jan 26 2021 Fedora Release Engineering - 0.23.22-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild