Bug#701996: unblock: openconnect/3.20-4
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Dear Release Team,
Please unblock package openconnect, version 3.20-4 already in unstable.
This version fixes bug #700805, a possible memory leak introduced by the
previous version. This fix was requested for wheezy [1]. The debdiff is
included below. Thank you.
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700806#22
diffstat for openconnect-3.20 openconnect-3.20
changelog | 7 ++
patches/03_fix-abuse-of-realloc.patch | 97 ++++++++++++++++++++++++++++++++++
patches/series | 1
3 files changed, 105 insertions(+)
diff -Nru openconnect-3.20/debian/changelog openconnect-3.20/debian/changelog
--- openconnect-3.20/debian/changelog 2013-02-17 12:25:52.000000000 -0500
+++ openconnect-3.20/debian/changelog 2013-02-28 23:42:35.000000000 -0500
@@ -1,3 +1,10 @@
+openconnect (3.20-4) unstable; urgency=low
+
+ * debian/patches/03_fix-abuse-of-realloc.patch: Backport patch from upstream
+ to fix possible memory leaks on realloc. (Closes: #700805)
+
+ -- Mike Miller <mtmiller@ieee.org> Thu, 28 Feb 2013 23:42:31 -0500
+
openconnect (3.20-3) unstable; urgency=low
* debian/patches/02_CVE-2012-6128.patch: Backport patch from upstream to fix
diff -Nru openconnect-3.20/debian/patches/03_fix-abuse-of-realloc.patch openconnect-3.20/debian/patches/03_fix-abuse-of-realloc.patch
--- openconnect-3.20/debian/patches/03_fix-abuse-of-realloc.patch 1969-12-31 19:00:00.000000000 -0500
+++ openconnect-3.20/debian/patches/03_fix-abuse-of-realloc.patch 2013-02-28 19:28:20.000000000 -0500
@@ -0,0 +1,97 @@
+Origin: upstream, http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/8dad4f3ad009e45bbd1ba21f1bd03d3f7639deab
+From: David Woodhouse <David.Woodhouse@intel.com>
+Subject: Fix abuse of realloc() causing memory leaks
+
+Implement a helper which actually *does* free the original pointer on
+allocation failure, as I evidently always expected it to.
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700805
+
+Reported by: Niels Thykier <niels@thykier.net>
+Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
+---
+ auth.c | 4 ++--
+ compat.c | 2 +-
+ http.c | 8 ++++----
+ openconnect-internal.h | 8 ++++++++
+ 4 files changed, 15 insertions(+), 7 deletions(-)
+
+--- a/auth.c
++++ b/auth.c
+@@ -140,8 +140,8 @@ static int parse_auth_choice(struct open
+ continue;
+
+ opt->nr_choices++;
+- opt = realloc(opt, sizeof(*opt) +
+- opt->nr_choices * sizeof(*choice));
++ realloc_inplace(opt, sizeof(*opt) +
++ opt->nr_choices * sizeof(*choice));
+ if (!opt)
+ return -ENOMEM;
+
+--- a/compat.c
++++ b/compat.c
+@@ -131,7 +131,7 @@ ssize_t openconnect__getline(char **line
+ break;
+
+ *n *= 2;
+- *lineptr = realloc(*lineptr, *n);
++ realloc_inplace(*lineptr, *n);
+ if (!*lineptr)
+ return -1;
+ }
+--- a/http.c
++++ b/http.c
+@@ -97,7 +97,7 @@ static void buf_append(struct oc_text_bu
+ break;
+ }
+
+- buf->data = realloc(buf->data, new_buf_len);
++ realloc_inplace(buf->data, new_buf_len);
+ if (!buf->data) {
+ buf->error = -ENOMEM;
+ break;
+@@ -354,7 +354,7 @@ static int process_http_response(struct
+ lastchunk = 1;
+ goto skip;
+ }
+- body = realloc(body, done + chunklen + 1);
++ realloc_inplace(body, done + chunklen + 1);
+ if (!body)
+ return -ENOMEM;
+ while (chunklen) {
+@@ -394,7 +394,7 @@ static int process_http_response(struct
+
+ /* HTTP 1.0 response. Just eat all we can in 16KiB chunks */
+ while (1) {
+- body = realloc(body, done + 16384);
++ realloc_inplace(body, done + 16384);
+ if (!body)
+ return -ENOMEM;
+ i = openconnect_SSL_read(vpninfo, body + done, 16384);
+@@ -407,7 +407,7 @@ static int process_http_response(struct
+ return i;
+ } else {
+ /* Connection closed. Reduce allocation to just what we need */
+- body = realloc(body, done + 1);
++ realloc_inplace(body, done + 1);
+ if (!body)
+ return -ENOMEM;
+ break;
+--- a/openconnect-internal.h
++++ b/openconnect-internal.h
+@@ -256,6 +256,14 @@ int openconnect__asprintf(char **strp, c
+ ssize_t openconnect__getline(char **lineptr, size_t *n, FILE *stream);
+ #endif
+
++/* I always coded as if it worked like this. Now it does. */
++#define realloc_inplace(p, size) do { \
++ void *__realloc_old = p; \
++ p = realloc(p, size); \
++ if (size && !p) \
++ free(__realloc_old); \
++ } while (0)
++
+ /****************************************************************************/
+
+ /* tun.c */
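Review bot: The `realloc_inplace` macro added to openconnect-internal.h expands `size` a second time in `if (size && !p)`, after `p` has already been reassigned. At the auth.c call site the size expression reads `opt->nr_choices`, so when realloc() fails it is re-evaluated with `opt` set to NULL and dereferences a null pointer before `return -ENOMEM` is reached. Evaluating the size once avoids this: add `size_t __realloc_size = (size);` after the saved pointer, then use `(p) = realloc(__realloc_old, __realloc_size);` and `if (__realloc_size && !(p))`. The compat.c and http.c call sites pass sizes that do not depend on the reallocated pointer, so they are not affected. Because the old block is now freed on failure, any caller that keeps a second copy of the old pointer would be left with a dangling reference; the enclosing functions are only partly visible in these hunks, so that should be checked against the full source.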
diff -Nru openconnect-3.20/debian/patches/series openconnect-3.20/debian/patches/series
--- openconnect-3.20/debian/patches/series 2013-02-17 12:25:52.000000000 -0500
+++ openconnect-3.20/debian/patches/series 2013-02-28 19:27:05.000000000 -0500
@@ -1,2 +1,3 @@
01_man-vpnc-script-path.patch
02_CVE-2012-6128.patch
+03_fix-abuse-of-realloc.patch
--
mike