38 lines
1.7 KiB
Diff
38 lines
1.7 KiB
Diff
# Prevent gdbm from storing uninitialized memory content
|
|
# to database files. This patch improves security, as the
|
|
# uninitialized memory might contain sensitive informations
|
|
# from other applications.
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=4457
|
|
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=208927
|
|
|
|
--- src/falloc.c.zeroheaders 2011-11-11 11:59:11.000000000 +0100
|
|
+++ src/falloc.c 2011-11-14 17:34:32.487604027 +0100
|
|
@@ -255,7 +255,7 @@ push_avail_block (GDBM_FILE dbf)
|
|
|
|
|
|
/* Split the header block. */
|
|
- temp = (avail_block *) malloc (av_size);
|
|
+ temp = (avail_block *) calloc (1, av_size);
|
|
if (temp == NULL) _gdbm_fatal (dbf, _("malloc error"));
|
|
/* Set the size to be correct AFTER the pop_avail_block. */
|
|
temp->size = dbf->header->avail.size;
|
|
--- src/gdbmopen.c.zeroheaders 2011-11-11 19:39:42.000000000 +0100
|
|
+++ src/gdbmopen.c 2011-11-14 17:33:24.867608650 +0100
|
|
@@ -264,7 +264,7 @@ gdbm_open (const char *file, int block_s
|
|
(dbf->header->block_size - sizeof (hash_bucket))
|
|
/ sizeof (bucket_element) + 1;
|
|
dbf->header->bucket_size = dbf->header->block_size;
|
|
- dbf->bucket = (hash_bucket *) malloc (dbf->header->bucket_size);
|
|
+ dbf->bucket = (hash_bucket *) calloc (1, dbf->header->bucket_size);
|
|
if (dbf->bucket == NULL)
|
|
{
|
|
gdbm_close (dbf);
|
|
@@ -456,7 +456,7 @@ _gdbm_init_cache(GDBM_FILE dbf, size_t s
|
|
for(index = 0; index < size; index++)
|
|
{
|
|
(dbf->bucket_cache[index]).ca_bucket
|
|
- = (hash_bucket *) malloc (dbf->header->bucket_size);
|
|
+ = (hash_bucket *) calloc (1, dbf->header->bucket_size);
|
|
if ((dbf->bucket_cache[index]).ca_bucket == NULL)
|
|
{
|
|
gdbm_errno = GDBM_MALLOC_ERROR;
|