gnu: guile-ssh: Fix potential double-free/use-after-free issue.
Fixes <http://bugs.gnu.org/26976>. Reported by Mark H Weaver <mhw@netris.org>. * gnu/packages/patches/guile-ssh-double-free.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/ssh.scm (guile-ssh)[source](patches): Add it.master
parent
4ee6584cbf
commit
c383dc520f
|
@ -651,6 +651,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/guile-relocatable.patch \
|
||||
%D%/packages/patches/guile-rsvg-pkgconfig.patch \
|
||||
%D%/packages/patches/guile-ssh-rexec-bug.patch \
|
||||
%D%/packages/patches/guile-ssh-double-free.patch \
|
||||
%D%/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch \
|
||||
%D%/packages/patches/gtk2-respect-GUIX_GTK2_IM_MODULE_FILE.patch \
|
||||
%D%/packages/patches/gtk2-theme-paths.patch \
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
Fix a double-free or use-after-free issue with Guile-SSH used
|
||||
with Guile 2.2. See <https://bugs.gnu.org/26976>.
|
||||
|
||||
diff --git a/libguile-ssh/channel-type.c b/libguile-ssh/channel-type.c
|
||||
index 3dd641f..0839854 100644
|
||||
--- a/libguile-ssh/channel-type.c
|
||||
+++ b/libguile-ssh/channel-type.c
|
||||
@@ -229,10 +229,11 @@ ptob_close (SCM channel)
|
||||
ssh_channel_free (ch->ssh_channel);
|
||||
}
|
||||
|
||||
+ SCM_SETSTREAM (channel, NULL);
|
||||
+
|
||||
#if USING_GUILE_BEFORE_2_2
|
||||
scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer");
|
||||
scm_gc_free (pt->read_buf, pt->read_buf_size, "port read buffer");
|
||||
- SCM_SETSTREAM (channel, NULL);
|
||||
|
||||
return 0;
|
||||
#endif
|
||||
diff --git a/libguile-ssh/sftp-file-type.c b/libguile-ssh/sftp-file-type.c
|
||||
index 8879924..f87cf03 100644
|
||||
--- a/libguile-ssh/sftp-file-type.c
|
||||
+++ b/libguile-ssh/sftp-file-type.c
|
||||
@@ -224,10 +224,11 @@ ptob_close (SCM sftp_file)
|
||||
sftp_close (fd->file);
|
||||
}
|
||||
|
||||
+ SCM_SETSTREAM (sftp_file, NULL);
|
||||
+
|
||||
#if USING_GUILE_BEFORE_2_2
|
||||
scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer");
|
||||
scm_gc_free (pt->read_buf, pt->read_buf_size, "port read buffer");
|
||||
- SCM_SETSTREAM (sftp_file, NULL);
|
||||
|
||||
return 1;
|
||||
#endif
|
|
@ -226,7 +226,8 @@ Additionally, various channel-specific options can be negotiated.")
|
|||
(sha256
|
||||
(base32
|
||||
"0r261i8kc3avbmbwgyzak2vnqwssjlgz37g2y2fwm80w9bmn2m7j"))
|
||||
(patches (search-patches "guile-ssh-rexec-bug.patch"))
|
||||
(patches (search-patches "guile-ssh-rexec-bug.patch"
|
||||
"guile-ssh-double-free.patch"))
|
||||
(modules '((guix build utils)))
|
||||
(snippet
|
||||
;; 'configure.ac' mistakenly tries to link files from examples/
|
||||
|
|
Reference in New Issue