Package: release.debian.org Severity: normal Tags: bullseye User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: Aigars Mahinovs <aigar...@debian.org>
* CVE-2022-31291: Double free in dlt_config_file_set_section(). (Closes: #1014534)
diff -Nru dlt-daemon-2.18.6/debian/changelog dlt-daemon-2.18.6/debian/changelog --- dlt-daemon-2.18.6/debian/changelog 2021-01-09 15:18:44.000000000 +0200 +++ dlt-daemon-2.18.6/debian/changelog 2022-08-27 14:59:10.000000000 +0300 @@ -1,3 +1,11 @@ +dlt-daemon (2.18.6-1+deb11u1) bullseye; urgency=medium + + * Non-maintainer upload. + * CVE-2022-31291: Double free in dlt_config_file_set_section(). + (Closes: #1014534) + + -- Adrian Bunk <b...@debian.org> Sat, 27 Aug 2022 14:59:10 +0300 + dlt-daemon (2.18.6-1) unstable; urgency=medium * Update to new release diff -Nru dlt-daemon-2.18.6/debian/patches/0001-Fix-a-double-free-bug.patch dlt-daemon-2.18.6/debian/patches/0001-Fix-a-double-free-bug.patch --- dlt-daemon-2.18.6/debian/patches/0001-Fix-a-double-free-bug.patch 1970-01-01 02:00:00.000000000 +0200 +++ dlt-daemon-2.18.6/debian/patches/0001-Fix-a-double-free-bug.patch 2022-08-18 19:36:47.000000000 +0300 @@ -0,0 +1,29 @@ +From 6a3bd901d825c7206797e36ea98e10a218f5aad2 Mon Sep 17 00:00:00 2001 +From: Safe-BCY <512234...@qq.com> +Date: Thu, 5 May 2022 06:47:17 +0800 +Subject: Fix a double-free bug. + +In the dlt_config_file_set_section function of dlt_config_file_parser.c: + s-name is not set to null after free. + It will be freed again in the dlt_config_file_release function. + +Signed-off-by: Zhongyang.Bao <zhongyang....@zeekrlife.com> +--- + src/shared/dlt_config_file_parser.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/shared/dlt_config_file_parser.c b/src/shared/dlt_config_file_parser.c +index 009a093..fc2d516 100644 +--- a/src/shared/dlt_config_file_parser.c ++++ b/src/shared/dlt_config_file_parser.c +@@ -148,6 +148,7 @@ static int dlt_config_file_set_section(DltConfigFile *file, char *name) + + if (s->keys == NULL) { + free(s->name); ++ s->name = NULL; + dlt_log(LOG_ERR, "Cannot allocate memory for internal data structure\n"); + return -1; + } +-- +2.20.1 + diff -Nru dlt-daemon-2.18.6/debian/patches/series dlt-daemon-2.18.6/debian/patches/series --- dlt-daemon-2.18.6/debian/patches/series 1970-01-01 02:00:00.000000000 +0200 +++ dlt-daemon-2.18.6/debian/patches/series 2022-08-27 14:59:10.000000000 +0300 @@ -0,0 +1 @@ +0001-Fix-a-double-free-bug.patch