diff options
author | Panu Matilainen <pmatilai@redhat.com> | 2009-06-17 13:09:25 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2009-06-17 13:09:25 +0300 |
commit | 0055fecfde5404c5106ac0fc58052e9264da8592 (patch) | |
tree | fb9b608808a1b3a60754239bc01f13a6017c430d | |
parent | 1b9e6d7f48a68fd677c70d04c9a6bb4274cf7b9f (diff) | |
download | librpm-tizen-0055fecfde5404c5106ac0fc58052e9264da8592.tar.gz librpm-tizen-0055fecfde5404c5106ac0fc58052e9264da8592.tar.bz2 librpm-tizen-0055fecfde5404c5106ac0fc58052e9264da8592.zip |
Fix invalid memory access from freeing dirName too early
- if it doesn't crash, it can cause rpmdb provided file not seen in chroot,
the other half of RhBug:506323
- streamline exit points to enable freeing allocated resources sanely
-rw-r--r-- | lib/rpmdb.c | 30 |
1 files changed, 14 insertions, 16 deletions
diff --git a/lib/rpmdb.c b/lib/rpmdb.c index 439a97480..b7afda9c8 100644 --- a/lib/rpmdb.c +++ b/lib/rpmdb.c @@ -1098,20 +1098,20 @@ int rpmdbVerify(const char * prefix) static int rpmdbFindByFile(rpmdb db, const char * filespec, DBT * key, DBT * data, dbiIndexSet * matches) { - char * dirName; + char * dirName = NULL; const char * baseName; - fingerPrintCache fpc; + fingerPrintCache fpc = NULL; fingerPrint fp1; dbiIndex dbi = NULL; DBC * dbcursor; dbiIndexSet allMatches = NULL; dbiIndexItem rec = NULL; unsigned int i; - int rc; + int rc = -2; /* assume error */ int xx; *matches = NULL; - if (filespec == NULL) return -2; + if (filespec == NULL) return rc; /* nothing alloced yet */ if ((baseName = strrchr(filespec, '/')) != NULL) { size_t len = baseName - filespec + 1; @@ -1123,11 +1123,10 @@ static int rpmdbFindByFile(rpmdb db, const char * filespec, baseName = filespec; } if (baseName == NULL) - return -2; + goto exit; fpc = fpCacheCreate(20); fp1 = fpLookup(fpc, dirName, baseName, 1); - free(dirName); dbi = dbiOpen(db, RPMTAG_BASENAMES, 0); if (dbi != NULL) { @@ -1154,11 +1153,7 @@ static int rpmdbFindByFile(rpmdb db, const char * filespec, } else rc = -2; - if (rc) { - allMatches = dbiFreeIndexSet(allMatches); - fpc = fpCacheFree(fpc); - return rc; - } + if (rc) goto exit; *matches = xcalloc(1, sizeof(**matches)); rec = dbiIndexNewItem(0, 0); @@ -1216,16 +1211,19 @@ static int rpmdbFindByFile(rpmdb db, const char * filespec, } rec = _free(rec); - allMatches = dbiFreeIndexSet(allMatches); - - fpc = fpCacheFree(fpc); if ((*matches)->count == 0) { *matches = dbiFreeIndexSet(*matches); - return 1; + rc = 1; + } else { + rc = 0; } - return 0; +exit: + dbiFreeIndexSet(allMatches); + fpCacheFree(fpc); + free(dirName); + return rc; } /* XXX python/upgrade.c, install.c, uninstall.c */ |