From: Mark Wielaard
To: elfutils-devel@sourceware.org
Cc: Mark Wielaard
Subject: [PATCH 3/4] debuginfod-client: Don't leak id/version with duplicate os-release entries
Date: Sun, 23 Jun 2024 01:50:12 +0200
Message-ID: <20240622235013.2071424-3-mark@klomp.org>
In-Reply-To: <20240622235013.2071424-1-mark@klomp.org>

Found by GCC14 -Wanalyzer-double-free.

If the os-release file would contain multiple ID or VERSION_ID entries we would leak the originally parsed one. Fix by seeing whether id or version is already set and ignore any future entries.

* debuginfod/debuginfod-client.c (add_default_headers): Check whether id or version is already set before resetting them.

Signed-off-by: Mark Wielaard

--- debuginfod/debuginfod-client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c index 95f2a92b701c..24ede19af385 100644 --- a/debuginfod/debuginfod-client.c +++ b/debuginfod/debuginfod-client.c @@ -673,9 +673,9 @@ add_default_headers(debuginfod_client *client) v++; s[len - 1] = '\0'; } - if (strcmp (s, "ID") == 0) + if (id == NULL && strcmp (s, "ID") == 0) id = strdup (v); - if (strcmp (s, "VERSION_ID") == 0) + if (version == NULL && strcmp (s, "VERSION_ID") == 0) version = strdup (v); } fclose (f); -- 2.45.2
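Review bot: The new `id == NULL` and `version == NULL` guards in add_default_headers make the first ID or VERSION_ID entry win, while a shell that sources os-release ends up with the last assignment, so a file with duplicates would now be reported differently from how the system itself reads it. If last-wins is the intended meaning, `free (id); id = strdup (v);` (and the same for `version`) closes the leak without changing which entry is used; if first-wins is deliberate, a short comment above the two checks saying so would help. Separately, the message credits -Wanalyzer-double-free but describes a leak, so it is worth stating which diagnostic actually fired here.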