Skip to content

Commit

Permalink
[Auditbeat] Fix issues with multiple calls to rpmReadConfigFiles (#12168
Browse files Browse the repository at this point in the history
) (#12188)

This patch fixes two issues in Auditbeat's system/package on RPM
distros:

- Multiple calls to rpmReadConfigFiles lead to a crash (segmentation
  fault). It is necessary to call rpmFreeRpmrc after each call to
  rpmReadConfigFiles.

  See [1] for a similar issue.

- In addition, it is also necessary to call rpmFreeMacros (when
  available) to avoid leaking memory after each
  rpmReadConfigFiles call.

1: https://lists.fedorahosted.org/pipermail/anaconda-patches/2015-February/015826.html

Fixes #12147

(cherry picked from commit a1a7d7e)
  • Loading branch information
adriansr authored May 15, 2019
1 parent 1fa89cc commit 163c6d1
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ https://github.com/elastic/beats/compare/v6.7.2...6.8[Check the HEAD diff]
- Package dataset: Log error when Homebrew is not installed. {pull}11667[11667]
- Process dataset: Fixed a memory leak under Windows. {pull}12100[12100]
- Login dataset: Fix re-read of utmp files. {pull}12028[12028]
- Package dataset: Fixed a crash inside librpm after Auditbeat has been running for a while. {issue}12147[12147] {pull}12168[12168]

*Filebeat*

Expand Down
30 changes: 30 additions & 0 deletions x-pack/auditbeat/module/system/package/rpm_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,20 @@ my_rpmtsCreate(void *f) {
return rpmtsCreate();
}
void
my_rpmFreeMacros(void *f) {
void (*rpmFreeMacros)(void *);
rpmFreeMacros = (void(*)(void*))f;
rpmFreeMacros(NULL);
}
void
my_rpmFreeRpmrc(void *f) {
void (*rpmFreeRpmrc)(void);
rpmFreeRpmrc = (void (*)(void))f;
rpmFreeRpmrc();
}
int
my_rpmReadConfigFiles(void *f) {
int (*rpmReadConfigFiles)(const char*, const char*);
Expand Down Expand Up @@ -163,6 +177,8 @@ type cFunctions struct {
rpmdbFreeIterator unsafe.Pointer
rpmtsFree unsafe.Pointer
rpmsqSetInterruptSafety unsafe.Pointer
rpmFreeRpmrc unsafe.Pointer
rpmFreeMacros unsafe.Pointer
}

var cFun *cFunctions
Expand Down Expand Up @@ -238,10 +254,19 @@ func dlopenCFunctions() (*cFunctions, error) {
return nil, err
}

cFun.rpmFreeRpmrc, err = librpm.GetSymbolPointer("rpmFreeRpmrc")
if err != nil {
return nil, err
}

// Only available in librpm>=4.13.0
cFun.rpmsqSetInterruptSafety, err = librpm.GetSymbolPointer("rpmsqSetInterruptSafety")
// no error check

// Only available in librpm>=4.6.0
cFun.rpmFreeMacros, err = librpm.GetSymbolPointer("rpmFreeMacros")
// no error check

return &cFun, nil
}

Expand Down Expand Up @@ -271,10 +296,15 @@ func listRPMPackages() ([]*Package, error) {
return nil, fmt.Errorf("Failed to get rpmts")
}
defer C.my_rpmtsFree(cFun.rpmtsFree, rpmts)

res := C.my_rpmReadConfigFiles(cFun.rpmReadConfigFiles)
if int(res) != 0 {
return nil, fmt.Errorf("Error: %d", int(res))
}
defer C.my_rpmFreeRpmrc(cFun.rpmFreeRpmrc)
if cFun.rpmFreeMacros != nil {
defer C.my_rpmFreeMacros(cFun.rpmFreeMacros)
}

mi := C.my_rpmtsInitIterator(cFun.rpmtsInitIterator, rpmts)
if mi == nil {
Expand Down

0 comments on commit 163c6d1

Please sign in to comment.