fixed a HUGE memory leak in install binary(#447410)

coreutils-6.11-matchpathconinstall.patch

@@ -0,0 +1,86 @@
+diff -urNp coreutils-6.11-orig/src/install.c coreutils-6.11/src/install.c
+--- coreutils-6.11-orig/src/install.c	2008-05-20 16:08:03.000000000 +0200
++++ coreutils-6.11/src/install.c	2008-05-20 16:12:27.000000000 +0200
+@@ -85,6 +85,7 @@ static bool install_file_in_dir (const c
+ 				 const struct cp_options *x);
+ static bool install_file_in_file (const char *from, const char *to,
+ 				  const struct cp_options *x);
++static void set_prefix (const char* from_dir, const char* to_dir);
+ static void get_ids (void);
+ static void strip (char const *name);
+ static void announce_mkdir (char const *dir, void *options);
+@@ -200,25 +201,25 @@ cp_option_init (struct cp_options *x)
+   x->src_info = NULL;
+ }
+ 
+-/* Modify file context to match the specified policy.
+-   If an error occurs the file will remain with the default directory
+-   context.  */
+-static void
+-setdefaultfilecon (char const *file)
++static void 
++set_prefix (char const *from_dir, char const *to_dir)
+ {
++  const char *from_base = last_component (from_dir);
++  char *file = file_name_concat (to_dir, from_base, NULL);
+   struct stat st;
+-  security_context_t scontext = NULL;
++  
+   if (selinux_enabled != 1)
+     {
+       /* Indicate no context found. */
+       return;
+     }
++
+   if (lstat (file, &st) != 0)
+     return;
+ 
+   if (IS_ABSOLUTE_FILE_NAME (file))
+     {
+-      /* Calling matchpathcon_init_prefix (NULL, "/first_component/")
++         /* Calling matchpathcon_init_prefix (NULL, "/first_component/")
+ 	 is an optimization to minimize the expense of the following
+ 	 matchpathcon call.  */
+       char const *p0;
+@@ -248,6 +249,26 @@ setdefaultfilecon (char const *file)
+ 	}
+     }
+ 
++  return;
++}
++
++/* Modify file context to match the specified policy.
++   If an error occurs the file will remain with the default directory
++   context.  */
++static void
++setdefaultfilecon (char const *file)
++{
++  struct stat st;
++  security_context_t scontext = NULL;
++  return;
++  if (selinux_enabled != 1)
++    {
++      /* Indicate no context found. */
++      return;
++    }
++  if (lstat (file, &st) != 0)
++    return;
++
+   /* If there's an error determining the context, or it has none,
+      return to allow default context */
+   if ((matchpathcon (file, st.st_mode, &scontext) != 0) ||
+@@ -526,9 +547,13 @@ main (int argc, char **argv)
+ 	{
+ 	  int i;
+ 	  dest_info_init (&x);
+-	  for (i = 0; i < n_files; i++)
++	  set_prefix (file[0], target_directory);
++	  for (i = 0; i < n_files; i++) {
+ 	    if (! install_file_in_dir (file[i], target_directory, &x))
+ 	      exit_status = EXIT_FAILURE;
++          }
++	  if (selinux_enabled)
++	    matchpathcon_fini();
+ 	}
+     }
+ 

coreutils.spec

@@ -1,7 +1,7 @@
 Summary: The GNU core utilities: a set of tools commonly used in shell scripts
 Name:    coreutils
 Version: 6.11
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv3+
 Group:   System Environment/Base
 Url:     http://www.gnu.org/software/coreutils/
@@ -51,6 +51,7 @@ Patch916: coreutils-getfacl-exit-code.patch
 #(upstream did some SELinux implementation unlike with RedHat patch)
 Patch950: coreutils-selinux.patch
 Patch951: coreutils-selinuxmanpages.patch
+Patch952: coreutils-6.11-matchpathconinstall.patch
 
 BuildRequires: libselinux-devel >= 1.25.6-1
 BuildRequires: libacl-devel
@@ -128,6 +129,8 @@ cd %name-%version
 #SELinux
 %patch950 -p1 -b .selinux
 %patch951 -p1 -b .selinuxman
+%patch952 -p1 -b .matchcon
+
 
 chmod a+x tests/sort/sort-mb-tests
 chmod a+x tests/misc/id-context
@@ -307,6 +310,9 @@ fi
 /sbin/runuser
 
 %changelog
+* Tue May 20 2008 Ondrej Vasik <ovasik@redhat.com> - 6.11-4
+- fixed a HUGE memory leak in install binary(#447410)
+
 * Mon May 19 2008 Ondrej Vasik <ovasik@redhat.com> - 6.11-3
 - added arch utility (from util-linux-ng)
 - do not show executable file types without executable bit