This is an automated email from the git hooks/post-receive script.

guillem pushed a commit to branch master
in repository dpkg.

View the commit online:
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=60e4b9c2e969cb876fd9282f92e73f799485620b

commit 60e4b9c2e969cb876fd9282f92e73f799485620b
Author: Guillem Jover <[email protected]>
AuthorDate: Wed Aug 22 02:12:15 2018 +0200

    dpkg: Fix use after free in maintainer scripts handling
    
    Fixes: commit 44b0bf1a576e3b0cfcb4c87f18d4195c3ffccb8f
---
 debian/changelog | 2 ++
 src/script.c     | 5 ++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 497cfb81e..7ac6dacac 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -85,6 +85,8 @@ dpkg (1.19.1) UNRELEASED; urgency=medium
     use a pager.
   * Run dpkg-query --list output through a pager if we are on a terminal,
     instead of truncating it, to avoid data loss. Closes: #898603
+  * Fix use after free in dpkg maintainer script handling. Regression
+    introduced in dpkg 1.19.0.
   * Architecture support:
     - Add support for riscv64 CPU. Closes: #822914
       Thanks to Manuel A. Fernandez Montecelo <[email protected]>
diff --git a/src/script.c b/src/script.c
index 9c8585b64..66792135b 100644
--- a/src/script.c
+++ b/src/script.c
@@ -226,12 +226,12 @@ vmaintscript_installed(struct pkginfo *pkg, const char 
*scriptname,
 
        if (stat(scriptpath, &stab)) {
                command_destroy(&cmd);
-               free(buf);
 
                if (errno == ENOENT) {
                        debug(dbg_scripts,
                              "vmaintscript_installed nonexistent %s",
                              scriptname);
+                       free(buf);
                        return 0;
                }
                ohshite(_("unable to stat %s '%.250s'"), buf, scriptpath);
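Review bot: `errno` is read by `if (errno == ENOENT)` only after `command_destroy(&cmd)` has run, so the value left by the failed `stat()` is not guaranteed to survive if command_destroy() frees memory or makes any other call that can set errno (its body is not visible here). A clobbered errno would send a missing script down the fatal `ohshite()` path, or make that call report the wrong error if it formats errno, as its name suggests. Saving and restoring it would remove the dependency: `int saved_errno = errno; command_destroy(&cmd); errno = saved_errno;`. The same ordering appears in the maintscript_new and maintscript_fallback hunks below. vmaintscript_installed starts and ends outside this hunk.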
@@ -302,12 +302,12 @@ maintscript_new(struct pkginfo *pkg, const char 
*scriptname,
 
        if (stat(cidir, &stab)) {
                command_destroy(&cmd);
-               free(buf);
 
                if (errno == ENOENT) {
                        debug(dbg_scripts,
                              "maintscript_new nonexistent %s '%s'",
                              scriptname, cidir);
+                       free(buf);
                        return 0;
                }
                ohshite(_("unable to stat %s '%.250s'"), buf, cidir);
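Review bot: Nothing on the new side records why `free(buf)` must stay inside the ENOENT branch, which is the ordering the regressing commit got wrong. `buf` is still passed to `ohshite()` as the `%s` argument a few lines later, so a later cleanup that hoists the free back above the `if` would reintroduce the use after free. A comment above the added `free(buf);`, such as `/* buf is formatted into the ohshite() message below; free it only on the return path. */`, would make that lifetime dependency visible. The same comment fits the vmaintscript_installed hunk. maintscript_new starts and ends outside this hunk.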
@@ -375,7 +375,6 @@ maintscript_fallback(struct pkginfo *pkg,
 
        if (stat(cidir, &stab)) {
                command_destroy(&cmd);
-               free(buf);
 
                if (errno == ENOENT)
                        ohshit(_("there is no script in the new version of the 
package - giving up"));

-- 
Dpkg.Org's dpkg
