From 7373b3f448bbe291062c8bfe903eb55bb2d54abf Mon Sep 17 00:00:00 2001
From: cenhuilin
Date: Fri, 19 Sep 2025 11:18:32 +0800
Subject: [PATCH] lsblk: fix memory leak and possible use-after-free
---
 backport-lsblk-fix-memory-leak.patch | 25 ++++++++++++++
 ...rt-lsblk-fix-possible-use-after-free.patch | 33 +++++++++++++++++++
 util-linux.spec | 11 ++++++-
 3 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 backport-lsblk-fix-memory-leak.patch
 create mode 100644 backport-lsblk-fix-possible-use-after-free.patch
diff --git a/backport-lsblk-fix-memory-leak.patch b/backport-lsblk-fix-memory-leak.patch
new file mode 100644
index 0000000..1da1017
--- /dev/null
+++ b/backport-lsblk-fix-memory-leak.patch
@@ -0,0 +1,25 @@
+From b13f60104b646b45dc9bf43408e6fdec03382ad9 Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Fri, 19 Sep 2025 11:13:15 +0800
+Subject: [PATCH] lsblk: fix memory leak [coverity scan]
+
+Signed-off-by: Karel Zak
+---
+ misc-utils/lsblk.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/misc-utils/lsblk.c b/misc-utils/lsblk.c
+index 55ec653..11985dc 100644
+--- a/misc-utils/lsblk.c
++++ b/misc-utils/lsblk.c
+@@ -426,6 +426,7 @@ static char *get_type(struct lsblk_device *dev)
+
+ ul_path_read_string(dev->sysfs, &md_level, "md/level");
+ res = (md_level && *md_level) ? md_level : xstrdup("md");
++ free(md_level);
+
+ } else {
+ const char *type = NULL;
+--
+2.43.0
+
diff --git a/backport-lsblk-fix-possible-use-after-free.patch b/backport-lsblk-fix-possible-use-after-free.patch
new file mode 100644
index 0000000..7cb8b71
--- /dev/null
+++ b/backport-lsblk-fix-possible-use-after-free.patch
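Review bot: Applied without its successor, the `free(md_level);` line added by this backport frees the very buffer that `res` was just pointed at whenever `md/level` is non-empty, so Patch6017 on its own replaces a leak with a dangling `res`. The package is only correct because backport-lsblk-fix-possible-use-after-free.patch rewrites these lines afterwards. Either fold the two upstream commits into one backport file or record the dependency in util-linux.spec, e.g. `# Patch6017 is unsafe without Patch6018; keep or drop them together`. get_type() begins and ends outside the inner hunk, so what happens to `res` afterwards is inferred from the `char *` return type rather than seen.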
@@ -0,0 +1,33 @@
+From 02955d9434396df4019132351d8264b74811dc3f Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Fri, 19 Sep 2025 11:14:51 +0800
+Subject: [PATCH] lsblk: fix possible use-after-free
+
+Signed-off-by: Karel Zak
+---
+ misc-utils/lsblk.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/misc-utils/lsblk.c b/misc-utils/lsblk.c
+index 11985dc..5168db1 100644
+--- a/misc-utils/lsblk.c
++++ b/misc-utils/lsblk.c
+@@ -425,9 +425,12 @@ static char *get_type(struct lsblk_device *dev)
+ char *md_level = NULL;
+
+ ul_path_read_string(dev->sysfs, &md_level, "md/level");
+- res = (md_level && *md_level) ? md_level : xstrdup("md");
+- free(md_level);
+-
++ if (md_level && *md_level)
++ res = md_level;
++ else {
++ free(md_level); /* may be unused empty string */
++ res = xstrdup("md");
++ }
+ } else {
+ const char *type = NULL;
+ int x = 0;
+--
+2.43.0
+
diff --git a/util-linux.spec b/util-linux.spec
index d329963..92d7915 100644
--- a/util-linux.spec
+++ b/util-linux.spec
@@ -2,7 +2,7 @@
 Name: util-linux
 Version: 2.35.2
-Release: 23
+Release: 24
 Summary: A random collection of Linux utilities
 License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
 URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@@ -93,6 +93,8 @@ Patch6013: backport-libblkid-drbd-reduce-false-positive.patch
 Patch6014: backport-libfdisk-fix-fdisk_reread_changes-for-extended-partitions.patch
 Patch6015: backport-mkfs.bfs-fix-memory-leaks-and-weak-code.patch
 Patch6016: backport-lsblk-use-md-as-fallback-TYPE-when-md-level-empty.patch
+Patch6017: backport-lsblk-fix-memory-leak.patch
+Patch6018: backport-lsblk-fix-possible-use-after-free.patch
 Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch
 Patch9001: modify-rescuemode-chinese-error.patch
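Review bot: The new `res = md_level;` arm silently transfers ownership of the string read from sysfs, and nothing in the code says so, although that is the detail the earlier `free(md_level);` got wrong. I would add `/* res now owns md_level; do not free it here */` above that assignment, and brace the `if` arm as well (`if (md_level && *md_level) {` … `} else {`) so both arms match. The return value of ul_path_read_string() is still ignored; that is only safe because `md_level` is initialised to NULL and tested before use, which deserves a word in the same comment. get_type() continues outside the hunk.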
@@ -451,6 +453,13 @@ fi
 %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*}
 %changelog
+* Fri Sep 19 2025 cenhuilin - 2.35.2-24
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:lsblk: fix memory leak [coverity scan]
+ lsblk: fix possible use-after-free
+
 * Wed Sep 03 2025 cenhuilin - 2.35.2-23
 - Type:bugfix
 - CVE:NA
--
Gitee