From aa92638d777a7ed39ae0515870909c23e3730dec Mon Sep 17 00:00:00 2001
From: steven Y Gui <guiyao@huawei.com>
Date: Wed, 1 Sep 2021 16:39:27 +0800
Subject: [PATCH] backport patches for fixing memory leak and double free
 issues

---
 audit.spec                                    |  9 +++-
 ...ing-call-to-free_interpretation_list.patch | 30 ++++++++++++
 ...e-memory-leak-caused-in-recent-glibc.patch | 35 ++++++++++++++
 ...-Fix-double-free-with-corrupted-logs.patch | 36 +++++++++++++++
 ...t-fix-2-more-issues-found-by-fuzzing.patch | 46 +++++++++++++++++++
 5 files changed, 155 insertions(+), 1 deletion(-)
 create mode 100644 backport-Add-missing-call-to-free_interpretation_list.patch
 create mode 100644 backport-Fix-an-auparse-memory-leak-caused-in-recent-glibc.patch
 create mode 100644 backport-Fix-double-free-with-corrupted-logs.patch
 create mode 100644 backport-fix-2-more-issues-found-by-fuzzing.patch

diff --git a/audit.spec b/audit.spec
index ec222b7..b30df12 100644
--- a/audit.spec
+++ b/audit.spec
@@ -2,7 +2,7 @@ Summary:            User space tools for kernel auditing
 Name:               audit
 Epoch:              1
 Version:            3.0
-Release:            2
+Release:            3
 License:            GPLv2+ and LGPLv2+
 URL:                https://people.redhat.com/sgrubb/audit/
 Source0:            https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@@ -12,6 +12,10 @@ Patch0:          bugfix-audit-support-armv7b.patch
 Patch1:          bugfix-audit-userspace-missing-syscalls-for-aarm64.patch
 Patch2:          bugfix-audit-reload-coredump.patch
 Patch3:          backport-Fix-the-default-location-for-zos-remote.conf-171.patch
+Patch4:          backport-Add-missing-call-to-free_interpretation_list.patch
+Patch5:          backport-fix-2-more-issues-found-by-fuzzing.patch
+Patch6:          backport-Fix-an-auparse-memory-leak-caused-in-recent-glibc.patch
+Patch7:          backport-Fix-double-free-with-corrupted-logs.patch
 
 BuildRequires:      gcc swig libtool systemd kernel-headers >= 2.6.29
 BuildRequires:      openldap-devel krb5-devel libcap-ng-devel
@@ -342,6 +346,9 @@ fi
 %attr(644,root,root) %{_mandir}/man8/*.8.gz
 
 %changelog
+* Wed Sep 1 2021 steven.ygui <steven_ygui@163.com> - 3.0-3
+- backport some patches to fix memory leak and double free issues
+
 * Fri May 28 2021 yixiangzhike <zhangxingliang3@huawei.com> - 3.0-2
 - solve the script failure when package upgrade
 
diff --git a/backport-Add-missing-call-to-free_interpretation_list.patch b/backport-Add-missing-call-to-free_interpretation_list.patch
new file mode 100644
index 0000000..9f10263
--- /dev/null
+++ b/backport-Add-missing-call-to-free_interpretation_list.patch
@@ -0,0 +1,30 @@
+From a9668df44bd635d40b6e7b4db2d12e5cf91c8013 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Thu, 5 Aug 2021 09:54:44 -0400
+Subject: [PATCH] Add missing call to free_interpretation_list
+
+---
+ auparse/auparse.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/auparse/auparse.c b/auparse/auparse.c
+index ee3c97b..18f1127 100644
+--- a/auparse/auparse.c
++++ b/auparse/auparse.c
+@@ -1,5 +1,5 @@
+ /* auparse.c --
+- * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina.
++ * Copyright 2006-08,2012-19,21 Red Hat Inc.
+  * All Rights Reserved.
+  *
+  * This library is free software; you can redistribute it and/or
+@@ -2014,6 +2014,7 @@ const char *auparse_find_field_next(auparse_state_t *au)
+ 			r = aup_list_next(au->le);
+ 			if (r) {
+ 				aup_list_first_field(au->le);
++				free_interpretation_list();
+ 				load_interpretation_list(r->interp);
+ 			}
+ 		}
+-- 
+
diff --git a/backport-Fix-an-auparse-memory-leak-caused-in-recent-glibc.patch b/backport-Fix-an-auparse-memory-leak-caused-in-recent-glibc.patch
new file mode 100644
index 0000000..e06ed9b
--- /dev/null
+++ b/backport-Fix-an-auparse-memory-leak-caused-in-recent-glibc.patch
@@ -0,0 +1,35 @@
+From 16246878c503d7395ae668817bf629e05361fec5 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Thu, 29 Jul 2021 18:39:22 -0400
+Subject: [PATCH] Fix an auparse memory leak caused in recent glibc
+
+---
+ auparse/interpret.c | 4 ++++-
+ 1 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index 2813acb..33c173e 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -50,6 +50,7 @@
+ #include <sys/personality.h>
+ #include <sys/prctl.h>
+ #include <sched.h>
++#include <limits.h>     /* PATH_MAX */
+ #ifdef USE_FANOTIFY
+ #include <linux/fanotify.h>
+ #else
+@@ -865,8 +866,10 @@ static const char *print_escaped_ext(const idata *id)
+ 			str1 = NULL;
+ 		}
+ 		errno = 0;
+-		out = realpath(str3, NULL);
++		out = malloc(PATH_MAX);
++		realpath(str3, out);
+ 		if (errno) { // If there's an error, just return the original
++			free(out);
+ 			free(str1);
+ 			free(str2);
+ 			return str3;
+-- 
+
diff --git a/backport-Fix-double-free-with-corrupted-logs.patch b/backport-Fix-double-free-with-corrupted-logs.patch
new file mode 100644
index 0000000..c252d88
--- /dev/null
+++ b/backport-Fix-double-free-with-corrupted-logs.patch
@@ -0,0 +1,36 @@
+From 0177e03f0809da0007f09504b789eba4b8cbe739 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Fri, 6 Aug 2021 17:03:41 -0400
+Subject: [PATCH] Fix double free with corrupted logs
+
+---
+ src/ausearch-parse.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
+index 9ee4a4f..cb7d481 100644
+--- a/src/ausearch-parse.c
++++ b/src/ausearch-parse.c
+@@ -420,8 +420,10 @@ try_again:
+ 		str = strstr(term, "comm=");
+ 		if (str) {
+ 			/* Make the syscall one override */
+-			if (s->comm)
++			if (s->comm) {
+ 				free(s->comm);
++				s->comm = NULL;
++			}
+ 			str += 5;
+ 			if (*str == '"') {
+ 				str++;
+@@ -431,7 +433,7 @@ try_again:
+ 				*term = 0;
+ 				s->comm = strdup(str);
+ 				*term = '"';
+-			} else 
++			} else
+ 				s->comm = unescape(str);
+ 		} else
+ 			return 38;
+-- 
+
diff --git a/backport-fix-2-more-issues-found-by-fuzzing.patch b/backport-fix-2-more-issues-found-by-fuzzing.patch
new file mode 100644
index 0000000..0a31778
--- /dev/null
+++ b/backport-fix-2-more-issues-found-by-fuzzing.patch
@@ -0,0 +1,46 @@
+From f4683d04eadb7d76b98497af834f027d6005d893 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Mon, 9 Aug 2021 17:14:17 -0400
+Subject: [PATCH] fix 2 more issues found by fuzzing
+
+---
+ auparse/auparse.c | 8 +++++++-
+ auparse/ellist.c  | 4 +++-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/auparse/auparse.c b/auparse/auparse.c
+index b0e685a..3cf512a 100644
+--- a/auparse/auparse.c
++++ b/auparse/auparse.c
+@@ -1611,7 +1611,13 @@ static int au_auparse_next_event(auparse_state_t *au)
+ 		}
+ 		aup_list_create(l);
+ 		aup_list_set_event(l, &e);
+-		aup_list_append(l, au->cur_buf, au->list_idx, au->line_number);
++		if (aup_list_append(l, au->cur_buf, au->list_idx,
++				    au->line_number) < 0) {
++			au->cur_buf = NULL;
++			aup_list_clear(l);
++			free(l);
++			continue;
++		}
+ 		// Eat standalone EOE - main event was already marked complete
+ 		if (l->head->type == AUDIT_EOE) {
+ 			au->cur_buf = NULL;
+diff --git a/auparse/ellist.c b/auparse/ellist.c
+index 7d9c552..dd711bc 100644
+--- a/auparse/ellist.c
++++ b/auparse/ellist.c
+@@ -290,7 +290,9 @@ static int parse_up_record(rnode* r)
+ 					while (ptr && *ptr != '}') {
+ 						len = strlen(ptr);
+ 						if ((len+1) >= (256-total)) {
+-							free(buf);
++						   if (nvlist_get_cnt(&r->nv)
++									 == 0)
++								free(buf);
+ 							return -1;
+ 						}
+ 						if (tmpctx[0]) {
+-- 
+
-- 
Gitee