Package: golang-github-docker-docker-credential-helpers / 0.6.1-4

Metadata

Package: golang-github-docker-docker-credential-helpers
Version: 0.6.1-4
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
fix free err.patch

secretservice/secretservice_linux.go | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 C.free(unsafe.Pointer(err)) -> defer C.g_error_free(err)

Cherry-picked from upstream and reworked to apply to v0.6.1. Hopefully
upstream issues a release one day, but hey, that's Docker...

cve 2019 1020014 Fix a double free in the List functions.patch

osxkeychain/osxkeychain_darwin.c | 1 0 + 1 - 0 !
osxkeychain/osxkeychain_darwin.go | 5 2 + 3 - 0 !
secretservice/secretservice_linux.c | 1 0 + 1 - 0 !
secretservice/secretservice_linux.go | 4 2 + 2 - 0 !
4 files changed, 4 insertions(+), 7 deletions(-)

 [PATCH] Fix a double free in the List functions

The code was set up so that it would free the individual items and the data
in `freeListData`, but there was already a Go `defer` to free the data item,
resulting in a double free.

Remove the `free` in `freeListData` and leave the original one.

In addition, move the `defer` for freeing the list data before the error
check, so that the data is also freed in the error case. This just removes
a minor leak.

This vulnerability was discovered by:
Jasiel Spelman of Trend Micro Zero Day Initiative and Trend Micro Team Nebula

Signed-off-by: Justin Cormack <justin.cormack@docker.com>