Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-83619

elfutils debuginfod-client.c: fix uninitialized free

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Normal Normal
    • rhel-9.6.z
    • rhel-9.6.z
    • elfutils
    • None
    • elfutils-0.192-6.el9_6
    • No
    • Moderate
    • rhel-pt-perf-tools
    • ssg_platform_tools
    • 1
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      debuginfod-client.c:debuginfod_validate_imasig might attempt to free an uninitialized variable. The following fixes the issue:

      diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
      index deff19ff..d89beae9 100644
      — a/debuginfod/debuginfod-client.c
      +++ b/debuginfod/debuginfod-client.c
      @@ -1587,6 +1587,7 @@ debuginfod_validate_imasig (debuginfod_client *c, int fd)

       {
   int rc = ENOSYS;
 
+    char* sig_buf = NULL;
     EVP_MD_CTX *ctx = NULL;
     if (!c || !c->winning_headers)
     {
@@ -1594,7 +1595,6 @@ debuginfod_validate_imasig (debuginfod_client *c, int fd)
       goto exit_validate;
     }
     // Extract the HEX IMA-signature from the header
-    char* sig_buf = NULL;
     char* hdr_ima_sig = strcasestr(c->winning_headers, "x-debuginfod-imasignature");
     if (!hdr_ima_sig || 1 != sscanf(hdr_ima_sig + strlen("x-debuginfod-imasignature:"), "%ms", &sig_buf))
     {

              amerey Aaron Merey
              amerey Aaron Merey
              Aaron Merey Aaron Merey
              Martin Cermak Martin Cermak
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: