Package: release.debian.org Severity: normal Tags: jessie User: [email protected] Usertags: pu
Hello release team,
A memory leak was found in in libmagic's (src:file) loader of magic
files, appearently independently by Shi Yin in PR/569[1] and Arnaud
Quette in #840754[2]. This was fixed upstream in version 5.29 which is
in testing and unstable (as 1:5.29-1), oldstable/wheezy doesn't seem to
have this problem.
For stable/jessie I'd like to handle this in the next point release.
The actual fix is commit FILE5_28-42-g10ee4ec[3] where commit
FILE5_24-31-g3aa35aa[4] is needed as a prerequisite. I've dropped a
hunk from that fix which AFAICS is not relevant for Debian and would
otherwise require the inclusion FILE5_25-3-gb0ccffd[5] as another
prerequisite: According to its description, that third commit is needed
on systems without mmap only.
Find attached:
* A debdiff for 1:5.22+15-2+deb8u3
* A commulative patch about the code changes to ease review.
After applying the patch, the valgrind check as described in the BTS
no longer reports leaks.
Regards,
Christoph
[1] https://bugs.gw.com/view.php?id=569
[2] https://bugs.debian.org/840754
[3] https://github.com/file/file/commit/FILE5_28-42-g10ee4ec
[4] https://github.com/file/file/commit/FILE5_24-31-g3aa35aa
[5] https://github.com/file/file/commit/FILE5_25-3-gb0ccffd
diff -Nru file-5.22+15/debian/changelog file-5.22+15/debian/changelog --- file-5.22+15/debian/changelog 2016-05-09 08:23:30.000000000 +0200 +++ file-5.22+15/debian/changelog 2016-12-04 10:00:07.000000000 +0100 @@ -1,3 +1,9 @@ +file (1:5.22+15-2+deb8u3) stable; urgency=medium + + * Fix memory leak in magic loader. Closes: #840754 + + -- Christoph Biedl <[email protected]> Sun, 04 Dec 2016 10:00:07 +0100 + file (1:5.22+15-2+deb8u2) stable; urgency=high * Fix CVE-2015-8865: diff -Nru file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch --- file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch 1970-01-01 01:00:00.000000000 +0100 +++ file-5.22+15/debian/patches/cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch 2016-12-02 00:00:46.000000000 +0100 @@ -0,0 +1,32 @@ +Subject: Don't leak memory when loading non-compiled files +Origin: FILE5_24-31-g3aa35aa +Upstream-Author: Christos Zoulas <[email protected]> +Date: Thu Sep 10 13:59:47 2015 +0000 + +--- a/src/apprentice.c ++++ b/src/apprentice.c +@@ -538,6 +538,7 @@ + private void + apprentice_unmap(struct magic_map *map) + { ++ size_t i; + if (map == NULL) + return; + +@@ -550,6 +551,8 @@ + #endif + case MAP_TYPE_MALLOC: + free(map->p); ++ for (i = 0; i < MAGIC_SETS; i++) ++ free(map->magic[i]); + break; + case MAP_TYPE_USER: + break; +@@ -1285,6 +1288,7 @@ + file_oomem(ms, sizeof(*map)); + return NULL; + } ++ map->type = MAP_TYPE_MALLOC; + + /* print silly verbose header for USG compat. */ + if (action == FILE_CHECK) diff -Nru file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch --- file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch 1970-01-01 01:00:00.000000000 +0100 +++ file-5.22+15/debian/patches/cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch 2016-12-04 09:36:35.000000000 +0100 @@ -0,0 +1,22 @@ +Subject: PR/569: Shi Yin: Fix memory leak +Origin: FILE5_28-42-g10ee4ec +Upstream-Author: Christos Zoulas <[email protected]> +Date: Sun Sep 11 13:53:02 2016 +0000 +Comment: Only relevant parts of that commit were used + +--- a/src/apprentice.c ++++ b/src/apprentice.c +@@ -404,11 +404,11 @@ + { + struct mlist *ml; + +- mlp->map = idx == 0 ? map : NULL; ++ mlp->map = NULL; + if ((ml = CAST(struct mlist *, malloc(sizeof(*ml)))) == NULL) + return -1; + +- ml->map = NULL; ++ ml->map = idx == 0 ? map : NULL; + ml->magic = map->magic[idx]; + ml->nmagic = map->nmagic[idx]; + diff -Nru file-5.22+15/debian/patches/series file-5.22+15/debian/patches/series --- file-5.22+15/debian/patches/series 2016-05-09 08:10:53.000000000 +0200 +++ file-5.22+15/debian/patches/series 2016-12-04 09:50:30.000000000 +0100 @@ -13,3 +13,5 @@ cherry-pick.FILE5_24-22-g27b4e34.parameter-1.patch cherry-pick.FILE5_24-23-g4ddb783.parameter-2.patch CVE-2015-8865.6713ca4.patch +cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch +cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch
diff --git a/src/apprentice.c b/src/apprentice.c
index 1b574c5..ec7ac36 100644
--- a/src/apprentice.c
+++ b/src/apprentice.c
@@ -404,11 +404,11 @@ add_mlist(struct mlist *mlp, struct magic_map *map, size_t idx)
{
struct mlist *ml;
- mlp->map = idx == 0 ? map : NULL;
+ mlp->map = NULL;
if ((ml = CAST(struct mlist *, malloc(sizeof(*ml)))) == NULL)
return -1;
- ml->map = NULL;
+ ml->map = idx == 0 ? map : NULL;
ml->magic = map->magic[idx];
ml->nmagic = map->nmagic[idx];
@@ -538,6 +538,7 @@ free:
private void
apprentice_unmap(struct magic_map *map)
{
+ size_t i;
if (map == NULL)
return;
@@ -550,6 +551,8 @@ apprentice_unmap(struct magic_map *map)
#endif
case MAP_TYPE_MALLOC:
free(map->p);
+ for (i = 0; i < MAGIC_SETS; i++)
+ free(map->magic[i]);
break;
case MAP_TYPE_USER:
break;
@@ -1285,6 +1288,7 @@ apprentice_load(struct magic_set *ms, const char *fn, int action)
file_oomem(ms, sizeof(*map));
return NULL;
}
+ map->type = MAP_TYPE_MALLOC;
/* print silly verbose header for USG compat. */
if (action == FILE_CHECK)
signature.asc
Description: Digital signature
