Overview

File bsc1156525-CVE-2019-18874.patch of Package python-psutil

From: Nanuk Krinner <nkrinner@suse.com>
Date: Thur, 28 Nov 2019
Subject: Backport to Pike based on the following upstream patch

Backport of the Linux component of the upstream patch for 5.2.2
See also https://github.com/giampaolo/psutil/pull/1616


======================================================================
From 29815d3a144a4f8a48f91e6d849ff4ba85f69cb1 Mon Sep 17 00:00:00 2001
From: Riccardo Schirone <sirmy15@gmail.com>
Date: Tue, 5 Nov 2019 14:30:52 +0100
Subject: [PATCH] Use Py_CLEAR instead of Py_DECREF to also set the variable to
 NULL

These files contain loops that convert system data into python objects
and during the process they create objects and dereference their
refcounts after they have been added to the resulting list.

However, in case of errors during the creation of those python objects,
the refcount to previously allocated objects is dropped again with
Py_XDECREF, which should be a no-op in case the paramater is NULL. Even
so, in most of these loops the variables pointing to the objects are
never set to NULL, even after Py_DECREF is called at the end of the loop
iteration. This means, after the first iteration, if an error occurs
those python objects will get their refcount dropped two times,
resulting in a possible double-free.
---
 psutil/_psutil_aix.c     | 18 +++++++-------
 psutil/_psutil_bsd.c     | 30 +++++++++++-----------
 psutil/_psutil_linux.c   | 14 +++++------
 psutil/_psutil_osx.c     | 39 ++++++++++++++---------------
 psutil/_psutil_sunos.c   | 43 ++++++++++++++++----------------
 psutil/_psutil_windows.c | 54 ++++++++++++++++++++--------------------
 6 files changed, 97 insertions(+), 101 deletions(-)
Index: psutil-5.4.6/psutil/_psutil_linux.c
===================================================================
--- psutil-5.4.6.orig/psutil/_psutil_linux.c
+++ psutil-5.4.6/psutil/_psutil_linux.c
diff -Naur a/psutil-5.2.2/psutil/_psutil_linux.c b/psutil-5.2.2/psutil/_psutil_linux.c
--- a/psutil-5.2.2/psutil/_psutil_linux.c	2019-11-28 16:28:26.155993014 +0100
+++ b/psutil-5.2.2/psutil/_psutil_linux.c	2019-11-28 16:43:28.117260797 +0100
@@ -222,7 +222,7 @@
             goto error;
         if (PyList_Append(py_retlist, py_tuple))
             goto error;
-        Py_DECREF(py_tuple);
+        Py_CLEAR(py_tuple);
     }
     endmntent(file);
     return py_retlist;
@@ -461,7 +461,7 @@
             goto error;
         if (PyList_Append(py_retlist, py_tuple))
             goto error;
-        Py_DECREF(py_tuple);
+        Py_CLEAR(py_tuple);
     }
     endutent();
     return py_retlist;
openSUSE Build Service is sponsored by
Places