Check warc_write_ok (fix use-after-free)

backport-src-warc.c-warc_write_end_record-Check-warc_write_ok.patch

@@ -0,0 +1,27 @@
+From bb0aa299e9f71fc93d51903e0ff7e5bb2547b93e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Sun, 5 May 2024 17:59:20 +0200
+Subject: [PATCH] * src/warc.c (warc_write_end_record): Check warc_write_ok
+ (fix use-after-free)"
+
+---
+ src/warc.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/warc.c b/src/warc.c
+index 756d71ef..a90266f3 100644
+--- a/src/warc.c
++++ b/src/warc.c
+@@ -327,6 +327,9 @@ warc_write_block_from_file (FILE *data_in)
+ static bool
+ warc_write_end_record (void)
+ {
++  if (!warc_write_ok)
++    return warc_write_ok;
++
+   if (warc_write_buffer ("\r\n\r\n", 4) != 4)
+     {
+       warc_write_ok = false;
+-- 
+2.33.0
+

wget.spec

@@ -1,6 +1,6 @@
 Name:          wget
 Version:       1.21.2
-Release:       4
+Release:       5
 Summary:       A package for retrieving files using HTTP, HTTPS, FTP and FTPS the most widely-used Internet protocols.
 License:       GPLv3+
 Url:           http://www.gnu.org/software/wget/
@@ -10,6 +10,7 @@ Patch0:        backport-wget-1.21-ssl-init-output.patch
 Patch1:        backport-wget-1.21-segfault.patch
 Patch2:        backport-src-main.c-main-Remove-unused-variable.patch
 Patch3:        backport-CVE-2024-38428.patch
+Patch4:        backport-src-warc.c-warc_write_end_record-Check-warc_write_ok.patch
 
 Provides:      webclient bundled(gnulib)
 BuildRequires: perl-HTTP-Daemon python3 libuuid-devel perl-podlators libpsl-devel libmetalink-devel
@@ -57,6 +58,12 @@ make check
 %{_infodir}/*
 
 %changelog
+* Thu Jun 27 2024 xingwei <xingwei14@h-parters.com> - 1.21.2-5
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:Check warc_write_ok (fix use-after-free)
+
 * Sun Jun 16 2024 xuchenchen <xuchenchen@kylinos.cn> -1.21.2-4
 - Type:CVES
 - ID:NA