--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: bullseye-pu: package dlt-daemon/2.18.6-1+deb11u1
- From: Adrian Bunk <bunk@debian.org>
- Date: Sat, 27 Aug 2022 15:12:33 +0300
- Message-id: <166160235357.1063.8322890433977880855.reportbug@localhost>
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Aigars Mahinovs <aigarius@debian.org>
* CVE-2022-31291: Double free in dlt_config_file_set_section().
(Closes: #1014534)
diff -Nru dlt-daemon-2.18.6/debian/changelog dlt-daemon-2.18.6/debian/changelog
--- dlt-daemon-2.18.6/debian/changelog 2021-01-09 15:18:44.000000000 +0200
+++ dlt-daemon-2.18.6/debian/changelog 2022-08-27 14:59:10.000000000 +0300
@@ -1,3 +1,11 @@
+dlt-daemon (2.18.6-1+deb11u1) bullseye; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2022-31291: Double free in dlt_config_file_set_section().
+ (Closes: #1014534)
+
+ -- Adrian Bunk <bunk@debian.org> Sat, 27 Aug 2022 14:59:10 +0300
+
dlt-daemon (2.18.6-1) unstable; urgency=medium
* Update to new release
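Review bot: The CVE-2022-31291 bullet in the new changelog entry does not name the patch file that carries the fix. Adding debian/patches/0001-Fix-a-double-free-bug.patch to that bullet would let a reader of the changelog locate the change without opening the debdiff.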
diff -Nru dlt-daemon-2.18.6/debian/patches/0001-Fix-a-double-free-bug.patch dlt-daemon-2.18.6/debian/patches/0001-Fix-a-double-free-bug.patch
--- dlt-daemon-2.18.6/debian/patches/0001-Fix-a-double-free-bug.patch 1970-01-01 02:00:00.000000000 +0200
+++ dlt-daemon-2.18.6/debian/patches/0001-Fix-a-double-free-bug.patch 2022-08-18 19:36:47.000000000 +0300
@@ -0,0 +1,29 @@
+From 6a3bd901d825c7206797e36ea98e10a218f5aad2 Mon Sep 17 00:00:00 2001
+From: Safe-BCY <512234783@qq.com>
+Date: Thu, 5 May 2022 06:47:17 +0800
+Subject: Fix a double-free bug.
+
+In the dlt_config_file_set_section function of dlt_config_file_parser.c:
+ s-name is not set to null after free.
+ It will be freed again in the dlt_config_file_release function.
+
+Signed-off-by: Zhongyang.Bao <Zhongyang.Bao@zeekrlife.com>
+---
+ src/shared/dlt_config_file_parser.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/shared/dlt_config_file_parser.c b/src/shared/dlt_config_file_parser.c
+index 009a093..fc2d516 100644
+--- a/src/shared/dlt_config_file_parser.c
++++ b/src/shared/dlt_config_file_parser.c
+@@ -148,6 +148,7 @@ static int dlt_config_file_set_section(DltConfigFile *file, char *name)
+
+ if (s->keys == NULL) {
+ free(s->name);
++ s->name = NULL;
+ dlt_log(LOG_ERR, "Cannot allocate memory for internal data structure\n");
+ return -1;
+ }
+--
+2.20.1
+
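Review bot: In the s->keys == NULL branch, the added s->name = NULL; prevents the second free only if the release path named in the commit message (dlt_config_file_release) does nothing with a NULL name other than pass it to free(), so that function should be checked for any other use of s->name before this is accepted as a complete fix. Two smaller points on the patch header: the description writes "s-name" where the code has s->name, and the header carries From, Date, Subject and Signed-off-by but no DEP-3 Origin or Bug-Debian field, so the link to CVE-2022-31291 and #1014534 is recorded only in debian/changelog and not in the patch file itself.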
diff -Nru dlt-daemon-2.18.6/debian/patches/series dlt-daemon-2.18.6/debian/patches/series
--- dlt-daemon-2.18.6/debian/patches/series 1970-01-01 02:00:00.000000000 +0200
+++ dlt-daemon-2.18.6/debian/patches/series 2022-08-27 14:59:10.000000000 +0300
@@ -0,0 +1 @@
+0001-Fix-a-double-free-bug.patch
--- End Message ---