Bug#1018226: bullseye-pu: package dlt-daemon/2.18.6-1+deb11u1

Sat, 27 Aug 2022 05:15:17 -0700 

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Aigars Mahinovs <aigar...@debian.org>

  * CVE-2022-31291: Double free in dlt_config_file_set_section().
    (Closes: #1014534)

diff -Nru dlt-daemon-2.18.6/debian/changelog dlt-daemon-2.18.6/debian/changelog
--- dlt-daemon-2.18.6/debian/changelog  2021-01-09 15:18:44.000000000 +0200
+++ dlt-daemon-2.18.6/debian/changelog  2022-08-27 14:59:10.000000000 +0300
@@ -1,3 +1,11 @@
+dlt-daemon (2.18.6-1+deb11u1) bullseye; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2022-31291: Double free in dlt_config_file_set_section().
+    (Closes: #1014534)
+
+ -- Adrian Bunk <b...@debian.org>  Sat, 27 Aug 2022 14:59:10 +0300
+
 dlt-daemon (2.18.6-1) unstable; urgency=medium
 
   * Update to new release
diff -Nru dlt-daemon-2.18.6/debian/patches/0001-Fix-a-double-free-bug.patch 
dlt-daemon-2.18.6/debian/patches/0001-Fix-a-double-free-bug.patch
--- dlt-daemon-2.18.6/debian/patches/0001-Fix-a-double-free-bug.patch   
1970-01-01 02:00:00.000000000 +0200
+++ dlt-daemon-2.18.6/debian/patches/0001-Fix-a-double-free-bug.patch   
2022-08-18 19:36:47.000000000 +0300
@@ -0,0 +1,29 @@
+From 6a3bd901d825c7206797e36ea98e10a218f5aad2 Mon Sep 17 00:00:00 2001
+From: Safe-BCY <512234...@qq.com>
+Date: Thu, 5 May 2022 06:47:17 +0800
+Subject: Fix a double-free bug.
+
+In the dlt_config_file_set_section function of dlt_config_file_parser.c:
+  s-name is not set to null after free.
+  It will be freed again in the dlt_config_file_release function.
+
+Signed-off-by: Zhongyang.Bao <zhongyang....@zeekrlife.com>
+---
+ src/shared/dlt_config_file_parser.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/shared/dlt_config_file_parser.c 
b/src/shared/dlt_config_file_parser.c
+index 009a093..fc2d516 100644
+--- a/src/shared/dlt_config_file_parser.c
++++ b/src/shared/dlt_config_file_parser.c
+@@ -148,6 +148,7 @@ static int dlt_config_file_set_section(DltConfigFile 
*file, char *name)
+ 
+     if (s->keys == NULL) {
+         free(s->name);
++        s->name = NULL;
+         dlt_log(LOG_ERR, "Cannot allocate memory for internal data 
structure\n");
+         return -1;
+     }
+-- 
+2.20.1
+
diff -Nru dlt-daemon-2.18.6/debian/patches/series 
dlt-daemon-2.18.6/debian/patches/series
--- dlt-daemon-2.18.6/debian/patches/series     1970-01-01 02:00:00.000000000 
+0200
+++ dlt-daemon-2.18.6/debian/patches/series     2022-08-27 14:59:10.000000000 
+0300
@@ -0,0 +1 @@
+0001-Fix-a-double-free-bug.patch

Reply via email to