blob: f6083eb180f53f0843cf0e5cb68534848c629316 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
The package app-crypt/mhash-0.9.9 as well as app-crypt/mhash-0.9.9-r1 are
affected by a bug which causes memory to be leaked during
mhash_restore_state_mem.
In this function/patch, ret->state is allocated towards the beginning and later
on replaced with a new allocated area without freeing the old. The patch fixes
it.
Patch already submitted upstream, but depending on speed, this may be faster to
patch in a new patchset.
Gentoo-Bug: 255006
Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=255006
Patch-URL: http://bugs.gentoo.org/attachment.cgi?id=178560
Signed-off-by: Thomas Harning <harningt@gmail.com>
--- a/lib/mhash.c
+++ b/lib/mhash.c
@@ -719,6 +719,8 @@
mutils_memcpy( &ret->state_size, &mem[pos], sizeof(ret->state_size));
pos += sizeof( ret->state_size);
+ if (ret->state)
+ mutils_free(ret->state);
ret->state = mutils_malloc(ret->state_size);
if (ret->state==NULL)
goto freeall;
|