File _service:obs_scm:bugfix-for-use-after-free-abou... of Package ltrace

File _service:obs_scm:bugfix-for-use-after-free-about-soname.patch of Package ltrace

From 8eccd30f5d3ae0be17f2a75116600f5fca9c76db Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Sat, 4 May 2019 16:51:52 +0800
Subject: [PATCH] bugfix for use after free about soname

==18904==ERROR: AddressSanitizer: heap-use-after-free on address 0xffffa0d00313 at pc 0xffffa3d1bc70 bp 0xffffe9c118d0 sp 0xffffe9c11948
READ of size 5 at 0xffffa0d00313 thread T0
    #0 0xffffa3d1bc6f  (/usr/lib64/libasan.so.4+0x50c6f)
    #1 0xaaaae94e1d67 in library_get_prototype /root/rpmbuild/BUILD/ltrace-0.7.91/output.c:198
    #2 0xaaaae94e2f8f in lookup_symbol_prototype /root/rpmbuild/BUILD/ltrace-0.7.91/output.c:243
    #3 0xaaaae94e383b in lookup_symbol_prototype /root/rpmbuild/BUILD/ltrace-0.7.91/output.c:703
    #4 0xaaaae94e383b in output_right /root/rpmbuild/BUILD/ltrace-0.7.91/output.c:644
    #5 0xaaaae94e08d3 in output_right_tos /root/rpmbuild/BUILD/ltrace-0.7.91/handle_event.c:665
    #6 0xaaaae94e1a4f in handle_breakpoint /root/rpmbuild/BUILD/ltrace-0.7.91/handle_event.c:703
    #7 0xaaaae94e1a4f in handle_event /root/rpmbuild/BUILD/ltrace-0.7.91/handle_event.c:200
    #8 0xaaaae94ce237 in ltrace_main /root/rpmbuild/BUILD/ltrace-0.7.91/libltrace.c:174
    #9 0xaaaae94cdd1f in main /root/rpmbuild/BUILD/ltrace-0.7.91/main.c:55
    #10 0xffffa38ecadf in __libc_start_main (/lib64/libc.so.6+0x20adf)
    #11 0xaaaae94cdd5f  (/ltrace+0x9d5f)

0xffffa0d00313 is located 3 bytes inside of 8-byte region [0xffffa0d00310,0xffffa0d00318)
freed by thread T0 here:
    #0 0xffffa3d9b6c3 in free (/usr/lib64/libasan.so.4+0xd06c3)
    #1 0xaaaae94d101f in private_process_destroy /root/rpmbuild/BUILD/ltrace-0.7.91/proc.c:273
    #2 0xaaaae94d10ab in remove_process /root/rpmbuild/BUILD/ltrace-0.7.91/proc.c:753
    #3 0xaaaae94e0d73 in handle_exit_signal /root/rpmbuild/BUILD/ltrace-0.7.91/handle_event.c:521
    #4 0xaaaae94e0d73 in handle_event /root/rpmbuild/BUILD/ltrace-0.7.91/handle_event.c:142
    #5 0xaaaae94ce237 in ltrace_main /root/rpmbuild/BUILD/ltrace-0.7.91/libltrace.c:174
    #6 0xaaaae94cdd1f in main /root/rpmbuild/BUILD/ltrace-0.7.91/main.c:55
    #7 0xffffa38ecadf in __libc_start_main (/lib64/libc.so.6+0x20adf)
    #8 0xaaaae94cdd5f  (/ltrace+0x9d5f)

previously allocated by thread T0 here:
    #0 0xffffa3d3e34f in strdup (/usr/lib64/libasan.so.4+0x7334f)
    #1 0xaaaae94cfb2b in process_bare_init /root/rpmbuild/BUILD/ltrace-0.7.91/proc.c:128
    #2 0xaaaae94cfcbf in process_init /root/rpmbuild/BUILD/ltrace-0.7.91/proc.c:214
    #3 0xaaaae94cfe17 in open_program /root/rpmbuild/BUILD/ltrace-0.7.91/proc.c:330
    #4 0xaaaae94ce09f in ltrace_init /root/rpmbuild/BUILD/ltrace-0.7.91/libltrace.c:125
    #5 0xaaaae94cdd1b in main /root/rpmbuild/BUILD/ltrace-0.7.91/main.c:47
    #6 0xffffa38ecadf in __libc_start_main (/lib64/libc.so.6+0x20adf)
    #7 0xaaaae94cdd5f  (/ltrace+0x9d5f)

SUMMARY: AddressSanitizer: heap-use-after-free (/usr/lib64/libasan.so.4+0x50c6f) 
Shadow bytes around the buggy address:
  0x200ff41a0010: fa fa fd fa fa fa fd fa fa fa fd fa fa fa 00 00
  0x200ff41a0020: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x200ff41a0030: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x200ff41a0040: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x200ff41a0050: fa fa 00 00 fa fa fd fa fa fa fd fa fa fa fd fd
=>0x200ff41a0060: fa fa[fd]fa fa fa 00 07 fa fa 06 fa fa fa 05 fa
  0x200ff41a0070: fa fa 00 00 fa fa 05 fa fa fa 00 00 fa fa 00 00
  0x200ff41a0080: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 01 fa
  0x200ff41a0090: fa fa 00 00 fa fa 00 00 fa fa 01 fa fa fa 00 00
  0x200ff41a00a0: fa fa 04 fa fa fa 04 fa fa fa 00 fa fa fa fd fd
  0x200ff41a00b0: fa fa 04 fa fa fa 04 fa fa fa 00 fa fa fa 04 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
=================================================================
==18904==ERROR: AddressSanitizer: heap-use-after-free on address 0xffffa0d00313 at pc 0xffffa3d3fbe4 bp 0xffffe9c118c0 sp 0xffffe9c11938
READ of size 5 at 0xffffa0d00313 thread T0
    #0 0xffffa3d3fbe3  (/usr/lib64/libasan.so.4+0x74be3)
    #1 0xaaaae94e1db3 in memcpy /usr/include/bits/string_fortified.h:34
    #2 0xaaaae94e1db3 in library_get_prototype /root/rpmbuild/BUILD/ltrace-0.7.91/output.c:200
    #3 0xaaaae94e2f8f in lookup_symbol_prototype /root/rpmbuild/BUILD/ltrace-0.7.91/output.c:243
    #4 0xaaaae94e383b in lookup_symbol_prototype /root/rpmbuild/BUILD/ltrace-0.7.91/output.c:703
    #5 0xaaaae94e383b in output_right /root/rpmbuild/BUILD/ltrace-0.7.91/output.c:644
    #6 0xaaaae94e08d3 in output_right_tos /root/rpmbuild/BUILD/ltrace-0.7.91/handle_event.c:665
    #7 0xaaaae94e1a4f in handle_breakpoint /root/rpmbuild/BUILD/ltrace-0.7.91/handle_event.c:703
    #8 0xaaaae94e1a4f in handle_event /root/rpmbuild/BUILD/ltrace-0.7.91/handle_event.c:200
    #9 0xaaaae94ce237 in ltrace_main /root/rpmbuild/BUILD/ltrace-0.7.91/libltrace.c:174
    #10 0xaaaae94cdd1f in main /root/rpmbuild/BUILD/ltrace-0.7.91/main.c:55
    #11 0xffffa38ecadf in __libc_start_main (/lib64/libc.so.6+0x20adf)
    #12 0xaaaae94cdd5f  (/ltrace+0x9d5f)

SUMMARY: AddressSanitizer: heap-use-after-free (/usr/lib64/libasan.so.4+0x74be3)
---
 ltrace-elf.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ltrace-elf.c b/ltrace-elf.c
index f638342..286790a 100644
--- a/ltrace-elf.c
+++ b/ltrace-elf.c
@@ -1214,12 +1214,14 @@ read_module(struct library *lib, struct process *proc,
 			goto fail;
 		library_set_soname(lib, soname, 1);
 	} else {
+		char *soname_str = NULL;
 		const char *soname = rindex(lib->pathname, '/');
 		if (soname != NULL)
 			soname += 1;
 		else
 			soname = lib->pathname;
-		library_set_soname(lib, soname, 0);
+		soname_str = strdup(soname);
+		library_set_soname(lib, soname_str, 1);
 	}
 
 	/* XXX The double cast should be removed when
-- 
2.19.1