diff --git a/conmon.spec b/conmon.spec
index 9bf56fe..8073248 100644
--- a/conmon.spec
+++ b/conmon.spec
@@ -8,12 +8,13 @@
 Summary: OCI container runtime monitor
 Name: conmon
 Version: 2.1.9
-Release: 1
+Release: 2
 License: Apache v2.0
 Group: Applications/System
 #Source0Download: https://github.com/containers/conmon/releases
 Source0: https://github.com/containers/conmon/archive/v%{version}/%{name}-%{version}.tar.gz
 # Source0-md5: f5dca5c1f79aeb4689bd9986d1c69b55
+Patch0: crash.patch
 URL: https://github.com/containers/conmon
 BuildRequires: glib2-devel
 %{?with_docs:BuildRequires: go-md2man}
@@ -30,6 +31,7 @@ or crun) for a single container.
 %prep
 %setup -q
+%patch0 -p1
 %{__rm} -r tools/vendor
diff --git a/crash.patch b/crash.patch
new file mode 100644
index 0000000..2f0fdbd
--- /dev/null
+++ b/crash.patch
@@ -0,0 +1,31 @@
+From 8557c117bcab03e3c16e40ffb7bd450d697f72c7 Mon Sep 17 00:00:00 2001
+From: Dominique Martinet
+Date: Fri, 15 Dec 2023 12:44:03 +0900
+Subject: [PATCH] Fix incorrect free in conn_sock
+
+Earlier commit freed socket_parent_dir()'s result which is correct in
+the case it returns a path from g_build_filename, but when it returns
+opt_bundle_path the string should not be freed.
+
+Make the function always return an allocated string that can be freed
+
+Fixes: #475
+Fixes: fad6bac8e65f ("fix some issues flagged by SAST scan")
+Signed-off-by: Dominique Martinet
+---
+ src/conn_sock.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/conn_sock.c b/src/conn_sock.c
+index 62a02266..3b854e33 100644
+--- a/src/conn_sock.c
++++ b/src/conn_sock.c
+@@ -314,7 +314,7 @@ char *socket_parent_dir(gboolean use_full_attach_path, size_t desired_len)
+ {
+ /* if we're to use the full path, ignore the socket path and only use the bundle_path */
+ if (use_full_attach_path)
+- return opt_bundle_path;
++ return strdup(opt_bundle_path);
+
+ char *base_path = g_build_filename(opt_socket_path, opt_cuuid, NULL);
+
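Review bot: The replacement line `return strdup(opt_bundle_path);` in the embedded src/conn_sock.c hunk is unchecked and not NULL-safe. strdup() returns NULL on allocation failure, and calling it with a NULL opt_bundle_path is undefined behaviour, whereas the old code simply handed the NULL back. Since the function's other path builds its result with g_build_filename, `return g_strdup(opt_bundle_path);` would keep both returns on the GLib allocator and tolerate a NULL option value. The caller that frees the result and the rest of socket_parent_dir() lie outside this hunk, so whether opt_bundle_path can be NULL on this path, and which free function is used on the result, should be confirmed there.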