From 3cf6abdb95ecc85ea6ba98b2d0f7c7ea8d5e41cd Mon Sep 17 00:00:00 2001
From: miaoguanqin <miaoguanqin@huawei.com>
Date: Thu, 7 Sep 2023 17:22:07 +0800
Subject: [PATCH] fix CVE-2023-28938 for mdadm

(cherry picked from commit 4e0b4fc83cec58447442daf0f8aa87325a33874b)
---
 6021-Fix-memory-leak-after-mdadm-detail.patch | 76 +++++++++++++++++++
 mdadm.spec                                    |  6 +-
 2 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 6021-Fix-memory-leak-after-mdadm-detail.patch

diff --git a/6021-Fix-memory-leak-after-mdadm-detail.patch b/6021-Fix-memory-leak-after-mdadm-detail.patch
new file mode 100644
index 0000000..7f30c5e
--- /dev/null
+++ b/6021-Fix-memory-leak-after-mdadm-detail.patch
@@ -0,0 +1,76 @@
+From 7d374a1869d3a84971d027a7f4233878c8f25a62 Mon Sep 17 00:00:00 2001
+From: Mateusz Grzonka <mateusz.grzonka@intel.com>
+Date: Tue, 27 Jul 2021 10:25:18 +0200
+Subject: [PATCH] Fix memory leak after "mdadm --detail"
+
+Signed-off-by: Mateusz Grzonka <mateusz.grzonka@intel.com>
+Signed-off-by: Jes Sorensen <jsorensen@fb.com>
+---
+ Detail.c | 20 +++++++++-----------
+ 1 file changed, 9 insertions(+), 11 deletions(-)
+
+diff --git a/Detail.c b/Detail.c
+index ad56344f..d3af0ab5 100644
+--- a/Detail.c
++++ b/Detail.c
+@@ -66,11 +66,11 @@ int Detail(char *dev, struct context *c)
+ 	int spares = 0;
+ 	struct stat stb;
+ 	int failed = 0;
+-	struct supertype *st;
++	struct supertype *st = NULL;
+ 	char *subarray = NULL;
+ 	int max_disks = MD_SB_DISKS; /* just a default */
+ 	struct mdinfo *info = NULL;
+-	struct mdinfo *sra;
++	struct mdinfo *sra = NULL;
+ 	struct mdinfo *subdev;
+ 	char *member = NULL;
+ 	char *container = NULL;
+@@ -93,8 +93,7 @@ int Detail(char *dev, struct context *c)
+ 	if (!sra) {
+ 		if (md_get_array_info(fd, &array)) {
+ 			pr_err("%s does not appear to be an md device\n", dev);
+-			close(fd);
+-			return rv;
++			goto out;
+ 		}
+ 	}
+ 	external = (sra != NULL && sra->array.major_version == -1 &&
+@@ -108,16 +107,13 @@ int Detail(char *dev, struct context *c)
+ 			    sra->devs == NULL) {
+ 				pr_err("Array associated with md device %s does not exist.\n",
+ 				       dev);
+-				close(fd);
+-				sysfs_free(sra);
+-				return rv;
++				goto out;
+ 			}
+ 			array = sra->array;
+ 		} else {
+ 			pr_err("cannot get array detail for %s: %s\n",
+ 			       dev, strerror(errno));
+-			close(fd);
+-			return rv;
++			goto out;
+ 		}
+ 	}
+ 
+@@ -827,10 +823,12 @@ out:
+ 	close(fd);
+ 	free(subarray);
+ 	free(avail);
+-	for (d = 0; d < n_devices; d++)
+-		free(devices[d]);
++	if (devices)
++		for (d = 0; d < n_devices; d++)
++			free(devices[d]);
+ 	free(devices);
+ 	sysfs_free(sra);
++	free(st);
+ 	return rv;
+ }
+ 
+-- 
+2.27.0
+
diff --git a/mdadm.spec b/mdadm.spec
index d0b5db1..52d1e96 100644
--- a/mdadm.spec
+++ b/mdadm.spec
@@ -1,6 +1,6 @@
 Name:     mdadm
 Version:  4.1
-Release:  rc2.0.14
+Release:  rc2.0.15
 Summary:  The software RAID arrays user manage tools
 License:  GPLv2+
 URL:      http://www.kernel.org/pub/linux/utils/raid/mdadm/
@@ -31,6 +31,7 @@ Patch6017:  6017-Monitor-use-devname-as-char-array-instead-of-pointer.patch
 Patch6018:  6018-mdadm-block-creation-with-long-names.patch
 Patch6019:  6019-mdadm-Don-t-open-md-device-for-CREATE-and-ASSEMBLE.patch
 Patch6020:  6020-fix-NULL-dereference-in-super_by_fd.patch
+Patch6021:  6021-Fix-memory-leak-after-mdadm-detail.patch
 
 BuildRequires:    systemd gcc binutils
 Requires(post):   systemd coreutils
@@ -93,6 +94,9 @@ install -d -m 710 %{buildroot}/var/run/mdadm/
 %{_mandir}/man*/*
 
 %changelog
+* Thu Sep 7 2023 miaoguanqin <miaoguanqin@huawei.com> - 4.1-rc2.0.15
+- fix CVE-2023-28938 for mdadm
+
 * Mon Apr 24 2023 tangyuchen <tangyuchen5@huawei.com> - 4.1-rc2.0.14
 - fix crond cannot find command mdadm
 
-- 
Gitee