From 63bfcd3d52dd81a55f742a296f25e2f537643042 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Wed, 20 Oct 2021 10:47:54 +0800
Subject: [PATCH] fix CVE-2019-18874
---
CVE-2019-18874-1.patch | 59 ++++++++++++++++++++++++++++++++++++++++++
CVE-2019-18874-2.patch | 31 ++++++++++++++++++++++
python-psutil.spec | 8 +++++-
3 files changed, 97 insertions(+), 1 deletion(-)
create mode 100644 CVE-2019-18874-1.patch
create mode 100644 CVE-2019-18874-2.patch
diff --git a/CVE-2019-18874-1.patch b/CVE-2019-18874-1.patch
new file mode 100644
index 0000000..b162748
--- /dev/null
+++ b/CVE-2019-18874-1.patch
@@ -0,0 +1,59 @@
+Backpor of:
+
+From 7d512c8e4442a896d56505be3e78f1156f443465 Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone
+Date: Wed, 13 Nov 2019 14:54:21 +0100
+Subject: [PATCH] Use Py_CLEAR instead of Py_DECREF to also set the variable to
+ NULL (#1616)
+
+These files contain loops that convert system data into python objects
+and during the process they create objects and dereference their
+refcounts after they have been added to the resulting list.
+
+However, in case of errors during the creation of those python objects,
+the refcount to previously allocated objects is dropped again with
+Py_XDECREF, which should be a no-op in case the paramater is NULL. Even
+so, in most of these loops the variables pointing to the objects are
+never set to NULL, even after Py_DECREF is called at the end of the loop
+iteration. This means, after the first iteration, if an error occurs
+those python objects will get their refcount dropped two times,
+resulting in a possible double-free.
+---
+ psutil/_psutil_aix.c | 18 +++++++-------
+ psutil/_psutil_bsd.c | 30 +++++++++++-----------
+ psutil/_psutil_linux.c | 14 +++++------
+ psutil/_psutil_osx.c | 39 ++++++++++++++---------------
+ psutil/_psutil_sunos.c | 43 ++++++++++++++++----------------
+ psutil/_psutil_windows.c | 54 ++++++++++++++++++++--------------------
+ 6 files changed, 97 insertions(+), 101 deletions(-)
+
+--- a/psutil/_psutil_linux.c
++++ b/psutil/_psutil_linux.c
+@@ -232,9 +232,9 @@ psutil_disk_partitions(PyObject *self, P
+ goto error;
+ if (PyList_Append(py_retlist, py_tuple))
+ goto error;
+- Py_DECREF(py_dev);
+- Py_DECREF(py_mountp);
+- Py_DECREF(py_tuple);
++ Py_CLEAR(py_dev);
++ Py_CLEAR(py_mountp);
++ Py_CLEAR(py_tuple);
+ }
+ endmntent(file);
+ return py_retlist;
+@@ -488,10 +488,10 @@ psutil_users(PyObject *self, PyObject *a
+ goto error;
+ if (PyList_Append(py_retlist, py_tuple))
+ goto error;
+- Py_DECREF(py_username);
+- Py_DECREF(py_tty);
+- Py_DECREF(py_hostname);
+- Py_DECREF(py_tuple);
++ Py_CLEAR(py_username);
++ Py_CLEAR(py_tty);
++ Py_CLEAR(py_hostname);
++ Py_CLEAR(py_tuple);
+ }
+ endutent();
+ return py_retlist;
diff --git a/CVE-2019-18874-2.patch b/CVE-2019-18874-2.patch
new file mode 100644
index 0000000..10baeaf
--- /dev/null
+++ b/CVE-2019-18874-2.patch
@@ -0,0 +1,31 @@
+From 3a9bccfd2c6d2e6538298cd3892058b1204056e0 Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone
+Date: Mon, 18 Nov 2019 15:51:39 +0100
+Subject: [PATCH] psutil/_psutil_posix.c: better clear variables to ensure they
+ are NULL (#1624)
+
+---
+ psutil/_psutil_posix.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/psutil/_psutil_posix.c b/psutil/_psutil_posix.c
+index 209e787d5..aa6008491 100644
+--- a/psutil/_psutil_posix.c
++++ b/psutil/_psutil_posix.c
+@@ -324,11 +324,11 @@ psutil_net_if_addrs(PyObject* self, PyObject* args) {
+ goto error;
+ if (PyList_Append(py_retlist, py_tuple))
+ goto error;
+- Py_DECREF(py_tuple);
+- Py_DECREF(py_address);
+- Py_DECREF(py_netmask);
+- Py_DECREF(py_broadcast);
+- Py_DECREF(py_ptp);
++ Py_CLEAR(py_tuple);
++ Py_CLEAR(py_address);
++ Py_CLEAR(py_netmask);
++ Py_CLEAR(py_broadcast);
++ Py_CLEAR(py_ptp);
+ }
+
+ freeifaddrs(ifaddr);
diff --git a/python-psutil.spec b/python-psutil.spec
index 1c047cd..e40fd8f 100644
--- a/python-psutil.spec
+++ b/python-psutil.spec
@@ -1,11 +1,14 @@ Name: python-psutil Version: 5.4.3 -Release: 8 +Release: 9 Summary: A library for retrieving information on running processes and system utilization in Python License: BSD URL: https://github.com/giampaolo/psutil Source0: https://github.com/giampaolo/psutil/archive/release-%{version}.tar.gz#/psutil-%{version}.tar.gz +Patch0001: CVE-2019-18874-1.patch +Patch0002: CVE-2019-18874-2.patch + BuildRequires: gcc python2-devel python3-devel procps-ng python2-mock python3-mock python2-ipaddress %description
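Review bot: The upstream header kept in CVE-2019-18874-1.patch still carries the six-file diffstat (`6 files changed, 97 insertions(+), 101 deletions(-)`), but the only hunks present are the two in `psutil/_psutil_linux.c` (psutil_disk_partitions and psutil_users), so the file overstates what this backport changes. Anyone auditing CVE coverage from the patch alone could conclude that the AIX, BSD, macOS, SunOS and Windows modules are fixed in this source tree when they are not. I would add a line under the `Backpor of:` header such as `Only the psutil/_psutil_linux.c hunks are carried; the other platform modules remain unpatched (presumably not built by this package).`, and correct that header to `Backport of:`. Both functions start and end outside the inner hunks, so the error path that the Py_CLEAR calls protect is not visible here.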
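Review bot: `Patch0001` and `Patch0002` are only declared here; nothing in this hunk applies them, and the `%prep` section lies outside it. If `%prep` uses plain `%setup` rather than `%autosetup -p1`, the package would build the unpatched sources while the changelog records the CVE as fixed, so confirm that, or add `%patch -P 1 -p1` and `%patch -P 2 -p1` after `%setup`. Both patch files use `a/` and `b/` path prefixes, so strip level 1 is what they expect. A short comment above the tags, for example `# CVE-2019-18874: backport of upstream #1616 and #1624 (Py_CLEAR in loop bodies)`, would also tie them to their upstream origin.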
@@ -68,6 +71,9 @@ done %{python3_sitearch}/*.egg-info %changelog +* Wed Oct 20 2021 yaoxin - 5.4.3-9 +- Fix CVE-2019-18874 + * Fri Aug 21 2020 shixuantong - 5.4.3-8 - add release version for rebuild -- Gitee