Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Cloud:OpenStack:Pike
python-psutil
bsc1156525-CVE-2019-18874.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bsc1156525-CVE-2019-18874.patch of Package python-psutil
From: Nanuk Krinner <nkrinner@suse.com> Date: Thur, 28 Nov 2019 Subject: Backport to Pike based on the following upstream patch Backport of the Linux component of the upstream patch for 5.2.2 See also https://github.com/giampaolo/psutil/pull/1616 ====================================================================== From 29815d3a144a4f8a48f91e6d849ff4ba85f69cb1 Mon Sep 17 00:00:00 2001 From: Riccardo Schirone <sirmy15@gmail.com> Date: Tue, 5 Nov 2019 14:30:52 +0100 Subject: [PATCH] Use Py_CLEAR instead of Py_DECREF to also set the variable to NULL These files contain loops that convert system data into python objects and during the process they create objects and dereference their refcounts after they have been added to the resulting list. However, in case of errors during the creation of those python objects, the refcount to previously allocated objects is dropped again with Py_XDECREF, which should be a no-op in case the paramater is NULL. Even so, in most of these loops the variables pointing to the objects are never set to NULL, even after Py_DECREF is called at the end of the loop iteration. This means, after the first iteration, if an error occurs those python objects will get their refcount dropped two times, resulting in a possible double-free. --- psutil/_psutil_aix.c | 18 +++++++------- psutil/_psutil_bsd.c | 30 +++++++++++----------- psutil/_psutil_linux.c | 14 +++++------ psutil/_psutil_osx.c | 39 ++++++++++++++--------------- psutil/_psutil_sunos.c | 43 ++++++++++++++++---------------- psutil/_psutil_windows.c | 54 ++++++++++++++++++++-------------------- 6 files changed, 97 insertions(+), 101 deletions(-) Index: psutil-5.4.6/psutil/_psutil_linux.c =================================================================== --- psutil-5.4.6.orig/psutil/_psutil_linux.c +++ psutil-5.4.6/psutil/_psutil_linux.c diff -Naur a/psutil-5.2.2/psutil/_psutil_linux.c b/psutil-5.2.2/psutil/_psutil_linux.c --- a/psutil-5.2.2/psutil/_psutil_linux.c 2019-11-28 16:28:26.155993014 +0100 +++ b/psutil-5.2.2/psutil/_psutil_linux.c 2019-11-28 16:43:28.117260797 +0100 @@ -222,7 +222,7 @@ goto error; if (PyList_Append(py_retlist, py_tuple)) goto error; - Py_DECREF(py_tuple); + Py_CLEAR(py_tuple); } endmntent(file); return py_retlist; @@ -461,7 +461,7 @@ goto error; if (PyList_Append(py_retlist, py_tuple)) goto error; - Py_DECREF(py_tuple); + Py_CLEAR(py_tuple); } endutent(); return py_retlist;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor