Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Dear Release Team, Please unblock package openconnect, version 3.20-4 already in unstable. This version fixes bug #700805, possible memory leak introduced by previous version. This fix was requested for wheezy [1]. The debdiff is included below. Thank you. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700806#22 diffstat for openconnect-3.20 openconnect-3.20 changelog | 7 ++ patches/03_fix-abuse-of-realloc.patch | 97 ++++++++++++++++++++++++++++++++++ patches/series | 1 3 files changed, 105 insertions(+) diff -Nru openconnect-3.20/debian/changelog openconnect-3.20/debian/changelog --- openconnect-3.20/debian/changelog 2013-02-17 12:25:52.000000000 -0500 +++ openconnect-3.20/debian/changelog 2013-02-28 23:42:35.000000000 -0500 @@ -1,3 +1,10 @@ +openconnect (3.20-4) unstable; urgency=low + + * debian/patches/03_fix-abuse-of-realloc.patch: Backport patch from upstream + to fix possible memory leaks on realloc. (Closes: #700805) + + -- Mike Miller <mtmil...@ieee.org> Thu, 28 Feb 2013 23:42:31 -0500 + openconnect (3.20-3) unstable; urgency=low * debian/patches/02_CVE-2012-6128.patch: Backport patch from upstream to fix diff -Nru openconnect-3.20/debian/patches/03_fix-abuse-of-realloc.patch openconnect-3.20/debian/patches/03_fix-abuse-of-realloc.patch --- openconnect-3.20/debian/patches/03_fix-abuse-of-realloc.patch 1969-12-31 19:00:00.000000000 -0500 +++ openconnect-3.20/debian/patches/03_fix-abuse-of-realloc.patch 2013-02-28 19:28:20.000000000 -0500 @@ -0,0 +1,97 @@ +Origin: upstream, http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/8dad4f3ad009e45bbd1ba21f1bd03d3f7639deab +From: David Woodhouse <david.woodho...@intel.com> +Subject: Fix abuse of realloc() causing memory leaks + +Implement a helper which actually *does* free the original pointer on +allocation failure, as I evidently always expected it to. + +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700805 + +Reported by: Niels Thykier <ni...@thykier.net> +Signed-off-by: David Woodhouse <david.woodho...@intel.com> +--- + auth.c | 4 ++-- + compat.c | 2 +- + http.c | 8 ++++---- + openconnect-internal.h | 8 ++++++++ + 4 files changed, 15 insertions(+), 7 deletions(-) + +--- a/auth.c ++++ b/auth.c +@@ -140,8 +140,8 @@ static int parse_auth_choice(struct open + continue; + + opt->nr_choices++; +- opt = realloc(opt, sizeof(*opt) + +- opt->nr_choices * sizeof(*choice)); ++ realloc_inplace(opt, sizeof(*opt) + ++ opt->nr_choices * sizeof(*choice)); + if (!opt) + return -ENOMEM; + +--- a/compat.c ++++ b/compat.c +@@ -131,7 +131,7 @@ ssize_t openconnect__getline(char **line + break; + + *n *= 2; +- *lineptr = realloc(*lineptr, *n); ++ realloc_inplace(*lineptr, *n); + if (!*lineptr) + return -1; + } +--- a/http.c ++++ b/http.c +@@ -97,7 +97,7 @@ static void buf_append(struct oc_text_bu + break; + } + +- buf->data = realloc(buf->data, new_buf_len); ++ realloc_inplace(buf->data, new_buf_len); + if (!buf->data) { + buf->error = -ENOMEM; + break; +@@ -354,7 +354,7 @@ static int process_http_response(struct + lastchunk = 1; + goto skip; + } +- body = realloc(body, done + chunklen + 1); ++ realloc_inplace(body, done + chunklen + 1); + if (!body) + return -ENOMEM; + while (chunklen) { +@@ -394,7 +394,7 @@ static int process_http_response(struct + + /* HTTP 1.0 response. Just eat all we can in 16KiB chunks */ + while (1) { +- body = realloc(body, done + 16384); ++ realloc_inplace(body, done + 16384); + if (!body) + return -ENOMEM; + i = openconnect_SSL_read(vpninfo, body + done, 16384); +@@ -407,7 +407,7 @@ static int process_http_response(struct + return i; + } else { + /* Connection closed. Reduce allocation to just what we need */ +- body = realloc(body, done + 1); ++ realloc_inplace(body, done + 1); + if (!body) + return -ENOMEM; + break; +--- a/openconnect-internal.h ++++ b/openconnect-internal.h +@@ -256,6 +256,14 @@ int openconnect__asprintf(char **strp, c + ssize_t openconnect__getline(char **lineptr, size_t *n, FILE *stream); + #endif + ++/* I always coded as if it worked like this. Now it does. */ ++#define realloc_inplace(p, size) do { \ ++ void *__realloc_old = p; \ ++ p = realloc(p, size); \ ++ if (size && !p) \ ++ free(__realloc_old); \ ++ } while (0) ++ + /****************************************************************************/ + + /* tun.c */ diff -Nru openconnect-3.20/debian/patches/series openconnect-3.20/debian/patches/series --- openconnect-3.20/debian/patches/series 2013-02-17 12:25:52.000000000 -0500 +++ openconnect-3.20/debian/patches/series 2013-02-28 19:27:05.000000000 -0500 @@ -1,2 +1,3 @@ 01_man-vpnc-script-path.patch 02_CVE-2012-6128.patch +03_fix-abuse-of-realloc.patch -- mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org