From fc66aa7d9b6ca5dbc3591d0fd6e8f2a886022908 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Sat, 15 Feb 2020 12:06:23 -0800
Subject: [PATCH] Apply patch for CVE-2020-7105. Fixes bug #1796474
---
...c256efa5ca4705af85edbdf137060c9a4b0a.patch | 55 +++++++++++++++++++
hiredis.spec | 8 ++-
2 files changed, 62 insertions(+), 1 deletion(-)
create mode 100644 78cec256efa5ca4705af85edbdf137060c9a4b0a.patch
diff --git a/78cec256efa5ca4705af85edbdf137060c9a4b0a.patch b/78cec256efa5ca4705af85edbdf137060c9a4b0a.patch
new file mode 100644
index 0000000..b048d28
--- /dev/null
+++ b/78cec256efa5ca4705af85edbdf137060c9a4b0a.patch
@@ -0,0 +1,55 @@
+From 78cec256efa5ca4705af85edbdf137060c9a4b0a Mon Sep 17 00:00:00 2001
+From: Chris Lamb
+Date: Sun, 19 Jan 2020 11:49:13 +0000
+Subject: [PATCH] Abort if malloc() was unsuccessful. (Closes: #747)
+
+---
+ async.c | 2 ++
+ dict.c | 7 ++++++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/async.c b/async.c
+index 4f422d566..f9193dd05 100644
+--- a/async.c
++++ b/async.c
+@@ -58,6 +58,8 @@ static unsigned int callbackHash(const void *key) {
+ static void *callbackValDup(void *privdata, const void *src) {
+ ((void) privdata);
+ redisCallback *dup = malloc(sizeof(*dup));
++ if (dup == NULL)
++ abort();
+ memcpy(dup,src,sizeof(*dup));
+ return dup;
+ }
+diff --git a/dict.c b/dict.c
+index 5b349f078..70ef57f6b 100644
+--- a/dict.c
++++ b/dict.c
+@@ -72,6 +72,8 @@ static void _dictReset(dict *ht) {
+ /* Create a new hash table */
+ static dict *dictCreate(dictType *type, void *privDataPtr) {
+ dict *ht = malloc(sizeof(*ht));
++ if (ht == NULL)
++ abort();
+ _dictInit(ht,type,privDataPtr);
+ return ht;
+ }
+@@ -143,6 +145,8 @@ static int dictAdd(dict *ht, void *key, void *val) {
+
+ /* Allocates the memory and stores key */
+ entry = malloc(sizeof(*entry));
++ if (entry == NULL)
++ abort();
+ entry->next = ht->table[index];
+ ht->table[index] = entry;
+
+@@ -257,7 +261,8 @@ static dictEntry *dictFind(dict *ht, const void *key) {
+
+ static dictIterator *dictGetIterator(dict *ht) {
+ dictIterator *iter = malloc(sizeof(*iter));
+-
++ if (iter == NULL)
++ abort();
+ iter->ht = ht;
+ iter->index = -1;
+ iter->entry = NULL;
diff --git a/hiredis.spec b/hiredis.spec
index cdc494d..fbdc323 100644
--- a/hiredis.spec
+++ b/hiredis.spec
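Review bot: The guard `if (dup == NULL) abort();` added in `callbackValDup`, and the same guard in `dictCreate`, `dictAdd` and `dictGetIterator`, replaces the NULL dereference with a deliberate process abort, so an allocation failure inside the library still terminates the host application instead of being reported to the caller. That is defined behaviour and closes the dereference, but long-running consumers keep an availability exposure under memory pressure, which deserves a short comment at each site such as `/* OOM: abort rather than dereference NULL; no error is returned to the caller */`. Only these four allocation sites are visible here, so whether the remaining allocations in the packaged 0.13.3 sources are checked cannot be told from this patch. The bodies of `dictAdd` and `dictGetIterator` start or end outside their hunks.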
@@ -1,12 +1,15 @@ Name: hiredis Version: 0.13.3 -Release: 12%{?dist} +Release: 13%{?dist} Summary: Minimalistic C client library for Redis License: BSD URL: https://github.com/redis/hiredis Source0: https://github.com/redis/hiredis/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz # https://github.com/redis/hiredis/pull/554 Patch0: 0001-build-do-not-assume-that-INSTALL-is-cp.patch +# Already upstream +# Fix for CVE-2020-7105. +Patch1: https://github.com/lamby/hiredis/commit/78cec256efa5ca4705af85edbdf137060c9a4b0a.patch BuildRequires: gcc BuildRequires: redis @@ -54,6 +57,9 @@ make check || true %{_libdir}/pkgconfig/hiredis.pc %changelog +* Sat Feb 15 2020 Kevin Fenzi - 0.13.3-13 +- Apply patch for CVE-2020-7105. Fixes bug #1796474 + * Wed Jan 29 2020 Fedora Release Engineering - 0.13.3-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
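Review bot: `Patch1:` is declared in the preamble, but this diff makes no change to `%prep`, so the CVE-2020-7105 fix is applied only if `%prep` (outside these hunks) uses `%autosetup` or `%autopatch`. If patches are applied one by one there, a `%patch1 -p1` line is missing and the build would ship unpatched code while the changelog claims the fix. The `Patch1:` URL points at a personal fork (`lamby/hiredis`) although the comment above it says the change is already upstream. Citing the commit under `https://github.com/redis/hiredis/` instead, assuming it carries the same hash there, would make the provenance easier to verify. The second hunk's header context shows `make check || true`, so a test failure introduced by the patch would not stop the build.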