From 639f55afc3e8d5e1923aa649561192aa4b415b76 Mon Sep 17 00:00:00 2001 From: Jan Kaluza Date: Feb 25 2014 12:31:38 +0000 Subject: fix potential memory leak introduced in previous commit --- diff --git a/file-5.14-CVE-2014-1943.patch b/file-5.14-CVE-2014-1943.patch index 9e0cc06..5885118 100644 --- a/file-5.14-CVE-2014-1943.patch +++ b/file-5.14-CVE-2014-1943.patch @@ -38,7 +38,7 @@ index 4641c8b..e902c15 100644 if ((ms->flags & MAGIC_DEBUG) != 0) (void)fprintf(stderr, "softmagic %d\n", m); diff --git a/src/softmagic.c b/src/softmagic.c -index 108d419..ee4b831 100644 +index 108d419..d543f87 100644 --- a/src/softmagic.c +++ b/src/softmagic.c @@ -41,6 +41,7 @@ FILE_RCSID("@(#)$File: softmagic.c,v 1.165 2013/03/07 02:22:24 christos Exp $") @@ -86,3 +86,23 @@ index 108d419..ee4b831 100644 if ((ms->flags & MAGIC_DEBUG) != 0) fprintf(stderr, "indirect @offs=%u[%d]\n", offset, rv); rbuf = ms->o.buf; +@@ -1722,12 +1725,16 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, + ms->offset = soffset; + if (rv == 1) { + if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && +- file_printf(ms, m->desc, offset) == -1) ++ file_printf(ms, m->desc, offset) == -1) { ++ free(rbuf); + return -1; +- if (file_printf(ms, "%s", rbuf) == -1) ++ } ++ if (file_printf(ms, "%s", rbuf) == -1) { ++ free(rbuf); + return -1; +- free(rbuf); ++ } + } ++ free(rbuf); + return rv; + + case FILE_USE: diff --git a/file.spec b/file.spec index 53e62ca..879a734 100644 --- a/file.spec +++ b/file.spec @@ -4,7 +4,7 @@ Summary: A utility for determining file types Name: file Version: 5.14 -Release: 15%{?dist} +Release: 16%{?dist} License: BSD Group: Applications/File Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ -196,6 +196,9 @@ cd %{py3dir} %endif %changelog +* Tue Feb 25 2014 Jan Kaluza - 5.14-16 +- fix potential memory leak introduced in previous commit + * Tue Feb 18 2014 Jan Kaluza - 5.14-15 - fix #1065837 - fix for CVE-2014-1943