Package: wget
Version: 1.18-5+deb9u1
Severity: important
Tags: patch upstream fixed-upstream

wget 1.18 has this code in hsts_store_open():

          FILE *fp = fopen (filename, "r");

          if (!fp || !hsts_read_database (store, fp, false))
            {
              /* abort! */
              hsts_store_close (store);
              xfree (store);
              fclose (fp);
              goto out;
            }

fclose(NULL) has undefined behaviour and in stretch the result is
a SIGSEGV.  So wget needs to check for NULL before calling fclose().

This is fixed in 1.19.

Ben.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wget depends on:
ii  libc6        2.27-2
ii  libgnutls30  3.5.18-1
ii  libidn2-0    2.0.4-1.1
ii  libnettle6   3.4-1
ii  libpcre3     2:8.39-9
ii  libpsl5      0.20.1-1
ii  libuuid1     2.31.1-0.5
ii  zlib1g       1:1.2.8.dfsg-5

Versions of packages wget recommends:
ii  ca-certificates  20170717

wget suggests no packages.

-- no debconf information
Author: Ben Hutchings <b...@decadent.org.uk>
Date: Tue, 17 Apr 2018 02:55:33 +0100
Description: wget: Fix fclose(NULL) in hsts_store_open()
 fclose(NULL) has undefined behaviour, so only call fclose() if fp != NULL.
--- a/src/hsts.c
+++ b/src/hsts.c
@@ -510,7 +510,8 @@ hsts_store_open (const char *filename)
               /* abort! */
               hsts_store_close (store);
               xfree (store);
-              fclose (fp);
+              if (fp)
+                fclose (fp);
               goto out;
             }
 
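Review bot: The new `if (fp)` guard before `fclose (fp)` carries no indication of why fp can be NULL at this point, and the hunk does not show the condition that leads here. The condition quoted in the report, `if (!fp || !hsts_read_database (store, fp, false))`, sends both the fopen() failure and the read failure through this one cleanup block, so a later tidy-up could easily drop the check again. Suggest either a one-line comment on the guard saying fp is NULL when fopen() failed, or splitting the `!fp` case into its own branch that skips fclose() entirely, so that each failure path only releases what it actually acquired.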
