
Bug#701996: unblock: openconnect/3.20-4



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock package openconnect, version 3.20-4, which is already in unstable.
This version fixes bug #700805, a possible memory leak introduced by the
previous version. This fix was requested for wheezy [1]. The debdiff is
included below. Thank you.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700806#22


diffstat for openconnect-3.20 openconnect-3.20

 changelog                             |    7 ++
 patches/03_fix-abuse-of-realloc.patch |   97 ++++++++++++++++++++++++++++++++++
 patches/series                        |    1 
 3 files changed, 105 insertions(+)

diff -Nru openconnect-3.20/debian/changelog openconnect-3.20/debian/changelog
--- openconnect-3.20/debian/changelog	2013-02-17 12:25:52.000000000 -0500
+++ openconnect-3.20/debian/changelog	2013-02-28 23:42:35.000000000 -0500
@@ -1,3 +1,10 @@
+openconnect (3.20-4) unstable; urgency=low
+
+  * debian/patches/03_fix-abuse-of-realloc.patch: Backport patch from upstream
+    to fix possible memory leaks on realloc. (Closes: #700805)
+
+ -- Mike Miller <mtmiller@ieee.org>  Thu, 28 Feb 2013 23:42:31 -0500
+
 openconnect (3.20-3) unstable; urgency=low
 
   * debian/patches/02_CVE-2012-6128.patch: Backport patch from upstream to fix
diff -Nru openconnect-3.20/debian/patches/03_fix-abuse-of-realloc.patch openconnect-3.20/debian/patches/03_fix-abuse-of-realloc.patch
--- openconnect-3.20/debian/patches/03_fix-abuse-of-realloc.patch	1969-12-31 19:00:00.000000000 -0500
+++ openconnect-3.20/debian/patches/03_fix-abuse-of-realloc.patch	2013-02-28 19:28:20.000000000 -0500
@@ -0,0 +1,97 @@
+Origin: upstream, http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/8dad4f3ad009e45bbd1ba21f1bd03d3f7639deab
+From: David Woodhouse <David.Woodhouse@intel.com>
+Subject: Fix abuse of realloc() causing memory leaks
+
+Implement a helper which actually *does* free the original pointer on
+allocation failure, as I evidently always expected it to.
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700805
+
+Reported by: Niels Thykier <niels@thykier.net>
+Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
+---
+ auth.c                 |    4 ++--
+ compat.c               |    2 +-
+ http.c                 |    8 ++++----
+ openconnect-internal.h |    8 ++++++++
+ 4 files changed, 15 insertions(+), 7 deletions(-)
+
+--- a/auth.c
++++ b/auth.c
+@@ -140,8 +140,8 @@ static int parse_auth_choice(struct open
+ 			continue;
+ 
+ 		opt->nr_choices++;
+-		opt = realloc(opt, sizeof(*opt) +
+-				   opt->nr_choices * sizeof(*choice));
++		realloc_inplace(opt, sizeof(*opt) +
++				opt->nr_choices * sizeof(*choice));
+ 		if (!opt)
+ 			return -ENOMEM;
+ 
+--- a/compat.c
++++ b/compat.c
+@@ -131,7 +131,7 @@ ssize_t openconnect__getline(char **line
+ 			break;
+ 
+ 		*n *= 2;
+-		*lineptr = realloc(*lineptr, *n);
++		realloc_inplace(*lineptr, *n);
+ 		if (!*lineptr)
+ 			return -1;
+ 	}
+--- a/http.c
++++ b/http.c
+@@ -97,7 +97,7 @@ static void buf_append(struct oc_text_bu
+ 				break;
+ 			}
+ 
+-			buf->data = realloc(buf->data, new_buf_len);
++			realloc_inplace(buf->data, new_buf_len);
+ 			if (!buf->data) {
+ 				buf->error = -ENOMEM;
+ 				break;
+@@ -354,7 +354,7 @@ static int process_http_response(struct
+ 				lastchunk = 1;
+ 				goto skip;
+ 			}
+-			body = realloc(body, done + chunklen + 1);
++			realloc_inplace(body, done + chunklen + 1);
+ 			if (!body)
+ 				return -ENOMEM;
+ 			while (chunklen) {
+@@ -394,7 +394,7 @@ static int process_http_response(struct
+ 
+ 		/* HTTP 1.0 response. Just eat all we can in 16KiB chunks */
+ 		while (1) {
+-			body = realloc(body, done + 16384);
++			realloc_inplace(body, done + 16384);
+ 			if (!body)
+ 				return -ENOMEM;
+ 			i = openconnect_SSL_read(vpninfo, body + done, 16384);
+@@ -407,7 +407,7 @@ static int process_http_response(struct
+ 				return i;
+ 			} else {
+ 				/* Connection closed. Reduce allocation to just what we need */
+-				body = realloc(body, done + 1);
++				realloc_inplace(body, done + 1);
+ 				if (!body)
+ 					return -ENOMEM;
+ 				break;
+--- a/openconnect-internal.h
++++ b/openconnect-internal.h
+@@ -256,6 +256,14 @@ int openconnect__asprintf(char **strp, c
+ ssize_t openconnect__getline(char **lineptr, size_t *n, FILE *stream);
+ #endif
+ 
++/* I always coded as if it worked like this. Now it does. */
++#define realloc_inplace(p, size) do {			\
++	void *__realloc_old = p;			\
++	p = realloc(p, size);				\
++	if (size && !p)					\
++		free(__realloc_old);			\
++    } while (0)
++
+ /****************************************************************************/
+ 
+ /* tun.c */
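Review bot: The `realloc_inplace` macro added to openconnect-internal.h expands `p` and `size` unparenthesized and more than once, and names its temporary `__realloc_old`, an identifier reserved for the implementation. The call sites in this patch pass expressions without side effects, so they behave as intended, but a later caller passing something like `len++` would reallocate with one value and test another. Capturing `size` once in a local and parenthesizing `p` keeps the free-on-failure behaviour while removing that hazard; `p` must still be a side-effect-free lvalue, which the comment above the macro should state. Separately, the sizes passed in http.c (`done + chunklen + 1`, `done + 16384`) appear to be derived from response data and their types are declared outside these hunks, so it is worth confirming they cannot wrap before reaching the allocation.

```c
/* Frees the old block and leaves p NULL on failure; p must be a
 * side-effect-free lvalue because it is expanded more than once. */
#define realloc_inplace(p, size) do {			\
	void *realloc_old_ = (p);			\
	size_t realloc_size_ = (size);			\
	(p) = realloc(realloc_old_, realloc_size_);	\
	if (realloc_size_ && !(p))			\
		free(realloc_old_);			\
    } while (0)
```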
diff -Nru openconnect-3.20/debian/patches/series openconnect-3.20/debian/patches/series
--- openconnect-3.20/debian/patches/series	2013-02-17 12:25:52.000000000 -0500
+++ openconnect-3.20/debian/patches/series	2013-02-28 19:27:05.000000000 -0500
@@ -1,2 +1,3 @@
 01_man-vpnc-script-path.patch
 02_CVE-2012-6128.patch
+03_fix-abuse-of-realloc.patch

-- 
mike

