  1. RHEL
  2. RHEL-82284

Resource leak in rpmsign


    • Bug
    • Resolution: Done-Errata
    • Minor
    • rhel-10.1
    • rhel-10.0
    • rpm
    • rpm-4.19.1.1-13.el10
    • No
    • Low
    • rhel-swm
    • ssg_core_services
    • 10
    • 12
    • 0
    • False
    • False
    • None
    • None
    • None
    • OpenScanHub doesn't find the resource leak in rpmsign anymore.
    • Pass
    • Not Needed
    • RegressionOnly
    • Release Note Not Required
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      Found by OpenScanHub:

      8. rpm-4.19.1.1/sign/rpmgensig.c:245:6: alloc_fn: Storage is returned from allocation function "rpmExpand".
      9. rpm-4.19.1.1/sign/rpmgensig.c:245:6: var_assign: Assigning: "gpg_path" = storage returned from "rpmExpand("%{?_gpg_path}", NULL)".
      12. rpm-4.19.1.1/sign/rpmgensig.c:248:2: leaked_storage: Variable "gpg_path" going out of scope leaks the storage it points to.
      #   246|   	    if (gpg_path && *gpg_path != '\0')
      #   247|   		(void) setenv("GNUPGHOME", gpg_path, 1);
      #   248|-> 	}
      #   249|   	free(out);
      #   250|   
      

              mdomonko@redhat.com Michal Domonkos
              mdomonko@redhat.com Michal Domonkos
              packaging-team-maint packaging-team-maint
              Tomas Bajer Tomas Bajer