[Debian-iot-maintainers] Bug#1001328: ulfius_url_{encode, decode} call malloc instad of o_malloc
Harald Welte
laforge at gnumonks.org
Wed Dec 8 16:15:22 GMT 2021
Package: libulfius2.7
Version: 2.7.6-1
Severity: important
Tags: patch upstream
X-Debbugs-Cc: Nicolas Mora <github at babelouest.org>
Ulfius has the capability of applications registering their own memory
allocation functions using o_set_alloc_funcs(), as described in API.md
at
https://github.com/babelouest/ulfius/blob/master/API.md#memory-management
Applications such as osmo-remsim make use of this feature to introduce
libtalloc as a tool to help locating memory leaks.
However, from 2.6.0 up to 2.7.6 and current master, ulfius introduced
a bug which renders this feature unusable: Some new code started to bypass
the application-provided malloc-functio but directly call libc-malloc
while passing that libc-malloc-allocated memory to the application-provided
free-function. As every memory allocator expects to receive only memory it
has allocated to its free-function, this immediately crashes every application
with custom allocator functions.
The upstream bug report is at https://github.com/babelouest/ulfius/issues/206
The upstream pull request is at https://github.com/babelouest/ulfius/pull/207
Debian will need to patch/update the ulfius packages for bullseye + sid.
Debian buster is not affected, as it still ships ulfius 2.5.x which is prior
to introducing the bug.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.14.0-4-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_DIE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libulfius2.7 depends on:
ii libc6 2.32-5
ii libcurl3-gnutls 7.79.1-2
ii libgnutls30 3.7.2-2
ii libjansson4 2.13.1-1.1
ii libmicrohttpd12 0.9.73-4
ii liborcania2.2 2.2.1-1+b1
ii libyder2.0 1.4.14-1
ii zlib1g 1:1.2.11.dfsg-2
libulfius2.7 recommends no packages.
libulfius2.7 suggests no packages.
-- no debconf information
-------------- next part --------------
>From a2951c32475a79fccfaa06b7c3c36297c6f6cf5b Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge at osmocom.org>
Date: Wed, 8 Dec 2021 16:57:12 +0100
Subject: [PATCH] u_request: Don't use malloc, but always o_malloc
Allocating memory using malloc, but then free'ing it using o_free will
not work for anyone using a custom memory allocator. The allocations
and free's must either both go to libc, or both via the custom
allocator; one cannot allocate one way and release another.
Closes: #206
---
src/u_request.c | 2 +-
src/ulfius.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/u_request.c b/src/u_request.c
index 385572b..8203c5e 100644
--- a/src/u_request.c
+++ b/src/u_request.c
@@ -143,7 +143,7 @@ static char from_hex(char ch) {
*/
static char * url_decode(const char * str) {
if (str != NULL) {
- char * pstr = (char*)str, * buf = malloc(strlen(str) + 1), * pbuf = buf;
+ char * pstr = (char*)str, * buf = o_malloc(strlen(str) + 1), * pbuf = buf;
while (* pstr) {
if (* pstr == '%') {
if (pstr[1] && pstr[2]) {
diff --git a/src/ulfius.c b/src/ulfius.c
index 0d7da36..8a0caa6 100644
--- a/src/ulfius.c
+++ b/src/ulfius.c
@@ -1842,7 +1842,7 @@ static char to_hex(char code) {
char * ulfius_url_encode(const char * str) {
char * pstr = (char*)str, * buf = NULL, * pbuf = NULL;
if (str != NULL) {
- buf = malloc(strlen(str) * 3 + 1);
+ buf = o_malloc(strlen(str) * 3 + 1);
if (buf != NULL) {
pbuf = buf;
while (* pstr) {
@@ -1876,7 +1876,7 @@ char * ulfius_url_encode(const char * str) {
char * ulfius_url_decode(const char * str) {
char * pstr = (char*)str, * buf = NULL, * pbuf = NULL;
if (str != NULL) {
- buf = malloc(strlen(str) + 1);
+ buf = o_malloc(strlen(str) + 1);
if (buf != NULL) {
pbuf = buf;
while (* pstr) {
--
2.34.1
More information about the Debian-iot-maintainers
mailing list