Update to upstream 0.79.7
Also fix rpm warning about embedded % in a comment
parent
b7968d8ead
commit
7eca3b6000
1
.gitignore
vendored
1
.gitignore
vendored
@ -123,3 +123,4 @@ certmonger-0.28.tar.gz
|
|||||||
/certmonger-0.79.4.tar.gz
|
/certmonger-0.79.4.tar.gz
|
||||||
/certmonger-0.79.5.tar.gz
|
/certmonger-0.79.5.tar.gz
|
||||||
/certmonger-0.79.6.tar.gz
|
/certmonger-0.79.6.tar.gz
|
||||||
|
/certmonger-0.79.7.tar.gz
|
||||||
|
File diff suppressed because it is too large
@ -1,49 +0,0 @@
|
|||||||
From c029b32c04a9a5993b9c8715fb82421fee613137 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Fri, 31 Aug 2018 10:37:12 -0400
|
|
||||||
Subject: [PATCH 2/7] Include the token name when a PIN is provided but is
|
|
||||||
unused
|
|
||||||
|
|
||||||
This improves the output so the user will know which token
|
|
||||||
the PIN is missing for. Theoretically it should be the token
|
|
||||||
they asked for but this will show certmogner's view of it.
|
|
||||||
---
|
|
||||||
src/certread-n.c | 6 +++---
|
|
||||||
src/keygen-n.c | 4 ++--
|
|
||||||
2 files changed, 5 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certread-n.c b/src/certread-n.c
|
|
||||||
index f2e78c07..57a38dcf 100644
|
|
||||||
--- a/src/certread-n.c
|
|
||||||
+++ b/src/certread-n.c
|
|
||||||
@@ -259,9 +259,9 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
if ((pin != NULL) &&
|
|
||||||
(strlen(pin) > 0) &&
|
|
||||||
(cb_data.n_attempts == 0)) {
|
|
||||||
- cm_log(1, "PIN was not needed to auth to cert "
|
|
||||||
- "db, though one was provided. "
|
|
||||||
- "Treating this as an error.\n");
|
|
||||||
+ cm_log(1, "PIN was not needed to auth to token "
|
|
||||||
+ "%s, though one was provided. "
|
|
||||||
+ "Treating this as an error.\n", token);
|
|
||||||
goto next_slot;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
diff --git a/src/keygen-n.c b/src/keygen-n.c
|
|
||||||
index 8078a520..84b0bbd3 100644
|
|
||||||
--- a/src/keygen-n.c
|
|
||||||
+++ b/src/keygen-n.c
|
|
||||||
@@ -400,8 +400,8 @@ next_slot:
|
|
||||||
(strlen(pin) > 0) &&
|
|
||||||
(cb_data.n_attempts == 0)) {
|
|
||||||
cm_log(1, "PIN was not needed to auth to key "
|
|
||||||
- "store, though one was provided. "
|
|
||||||
- "Treating this as an error.\n");
|
|
||||||
+ "store token %s, though one was provided. "
|
|
||||||
+ "Treating this as an error.\n", token);
|
|
||||||
PK11_FreeSlotList(slotlist);
|
|
||||||
error = NSS_ShutdownContext(ctx);
|
|
||||||
if (error != SECSuccess) {
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,134 +0,0 @@
|
|||||||
From f396b19b2c222fa0a50e9bb9704059af4578e678 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Fri, 31 Aug 2018 12:08:35 -0400
|
|
||||||
Subject: [PATCH 3/7] Add utility function to get the internal token name
|
|
||||||
|
|
||||||
The NSS internal token is the default if no token is specified for
|
|
||||||
the cert or the key.
|
|
||||||
---
|
|
||||||
src/certread-n.c | 6 +++++-
|
|
||||||
src/certsave-n.c | 3 +++
|
|
||||||
src/keygen-n.c | 3 +++
|
|
||||||
src/keyiread-n.c | 3 +++
|
|
||||||
src/submit-n.c | 5 ++++-
|
|
||||||
src/util-n.c | 6 ++++++
|
|
||||||
src/util-n.h | 1 +
|
|
||||||
7 files changed, 25 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certread-n.c b/src/certread-n.c
|
|
||||||
index 57a38dcf..1d9217c6 100644
|
|
||||||
--- a/src/certread-n.c
|
|
||||||
+++ b/src/certread-n.c
|
|
||||||
@@ -190,6 +190,9 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
cm_log(1, "Error reading PIN for cert db.\n");
|
|
||||||
_exit(CM_SUB_STATUS_ERROR_AUTH);
|
|
||||||
}
|
|
||||||
+ if (entry->cm_cert_token == NULL) {
|
|
||||||
+ entry->cm_cert_token = util_internal_token_name();
|
|
||||||
+ }
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
for (sle = slotlist->head;
|
|
||||||
((sle != NULL) && (sle->slot != NULL));
|
|
||||||
@@ -253,7 +256,8 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
}
|
|
||||||
error = PK11_Authenticate(sle->slot, PR_TRUE, &cb_data);
|
|
||||||
if (error != SECSuccess) {
|
|
||||||
- cm_log(1, "Error authenticating to cert db.\n");
|
|
||||||
+ cm_log(1, "certread-n: Error authenticating to cert db "
|
|
||||||
+ "slot %s.\n", PK11_GetTokenName(sle->slot));
|
|
||||||
goto next_slot;
|
|
||||||
}
|
|
||||||
if ((pin != NULL) &&
|
|
||||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
|
||||||
index af176ce5..193309c5 100644
|
|
||||||
--- a/src/certsave-n.c
|
|
||||||
+++ b/src/certsave-n.c
|
|
||||||
@@ -214,6 +214,9 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
_exit(CM_SUB_STATUS_ERROR_AUTH);
|
|
||||||
}
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
+ if (entry->cm_cert_token == NULL) {
|
|
||||||
+ entry->cm_cert_token = util_internal_token_name();
|
|
||||||
+ }
|
|
||||||
for (sle = slotlist->head;
|
|
||||||
((sle != NULL) && (sle->slot != NULL));
|
|
||||||
sle = sle->next)
|
|
||||||
diff --git a/src/keygen-n.c b/src/keygen-n.c
|
|
||||||
index 84b0bbd3..f7fdf6c0 100644
|
|
||||||
--- a/src/keygen-n.c
|
|
||||||
+++ b/src/keygen-n.c
|
|
||||||
@@ -272,6 +272,9 @@ cm_keygen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
cm_log(1, "Error locating token for key generation.\n");
|
|
||||||
_exit(CM_SUB_STATUS_ERROR_NO_TOKEN);
|
|
||||||
}
|
|
||||||
+ if (entry->cm_cert_token == NULL) {
|
|
||||||
+ entry->cm_cert_token = util_internal_token_name();
|
|
||||||
+ }
|
|
||||||
/* Walk the list looking for the requested slot, or the first one if
|
|
||||||
* none was requested. */
|
|
||||||
slot = NULL;
|
|
||||||
diff --git a/src/keyiread-n.c b/src/keyiread-n.c
|
|
||||||
index 89913aa2..b8408bf1 100644
|
|
||||||
--- a/src/keyiread-n.c
|
|
||||||
+++ b/src/keyiread-n.c
|
|
||||||
@@ -152,6 +152,9 @@ cm_keyiread_n_get_keys(struct cm_store_entry *entry, int readwrite)
|
|
||||||
_exit(CM_SUB_STATUS_ERROR_AUTH);
|
|
||||||
}
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
+ if (entry->cm_key_token == NULL) {
|
|
||||||
+ entry->cm_key_token = util_internal_token_name();
|
|
||||||
+ }
|
|
||||||
n_tokens = 0;
|
|
||||||
pubkey = NULL;
|
|
||||||
/* In practice, the internal slot is either a non-storage slot (in
|
|
||||||
diff --git a/src/submit-n.c b/src/submit-n.c
|
|
||||||
index 872153ea..da07d253 100644
|
|
||||||
--- a/src/submit-n.c
|
|
||||||
+++ b/src/submit-n.c
|
|
||||||
@@ -346,6 +346,9 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
|
|
||||||
cm_log(1, "Error reading PIN for key storage.\n");
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
+ if (args->entry->cm_key_token == NULL) {
|
|
||||||
+ args->entry->cm_key_token = util_internal_token_name();
|
|
||||||
+ }
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
n_tokens = 0;
|
|
||||||
/* In practice, the internal slot is either a non-storage slot (in
|
|
||||||
@@ -402,7 +405,7 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
|
|
||||||
}
|
|
||||||
error = PK11_Authenticate(slot, PR_TRUE, &cb_data);
|
|
||||||
if (error != SECSuccess) {
|
|
||||||
- cm_log(1, "Error authenticating to token "
|
|
||||||
+ cm_log(1, "submit-n: Error authenticating to token "
|
|
||||||
"\"%s\".\n", token);
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
diff --git a/src/util-n.c b/src/util-n.c
|
|
||||||
index 7805e58e..293e2583 100644
|
|
||||||
--- a/src/util-n.c
|
|
||||||
+++ b/src/util-n.c
|
|
||||||
@@ -287,3 +287,9 @@ util_set_db_entry_cert_owner(const char *dbdir, struct cm_store_entry *entry)
|
|
||||||
util_set_db_owner_perms(dbdir, secmoddb, entry->cm_cert_owner,
|
|
||||||
entry->cm_cert_perms);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+char *
|
|
||||||
+util_internal_token_name()
|
|
||||||
+{
|
|
||||||
+ return strdup(PK11_GetTokenName(PK11_GetInternalKeySlot()));
|
|
||||||
+}
|
|
||||||
diff --git a/src/util-n.h b/src/util-n.h
|
|
||||||
index 8a918d5c..637fd4b1 100644
|
|
||||||
--- a/src/util-n.h
|
|
||||||
+++ b/src/util-n.h
|
|
||||||
@@ -29,5 +29,6 @@ void util_set_db_entry_key_owner(const char *dbdir,
|
|
||||||
struct cm_store_entry *entry);
|
|
||||||
void util_set_db_entry_cert_owner(const char *dbdir,
|
|
||||||
struct cm_store_entry *entry);
|
|
||||||
+char * util_internal_token_name();
|
|
||||||
|
|
||||||
#endif
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,41 +0,0 @@
|
|||||||
From 6ebe5695a626c6cd254b249bbebf9846bcb936c0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Tue, 4 Sep 2018 11:06:13 -0400
|
|
||||||
Subject: [PATCH 4/7] Only de-duplicate certificates within the same token
|
|
||||||
|
|
||||||
certmonger may not have read/write access to tokens other than
|
|
||||||
the one it is examining so don't try to de-duplicate certificates
|
|
||||||
on other tokens.
|
|
||||||
---
|
|
||||||
src/certsave-n.c | 8 +++++---
|
|
||||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
|
||||||
index 193309c5..d0152cad 100644
|
|
||||||
--- a/src/certsave-n.c
|
|
||||||
+++ b/src/certsave-n.c
|
|
||||||
@@ -391,8 +391,9 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
!CERT_LIST_EMPTY(certlist) &&
|
|
||||||
!CERT_LIST_END(node, certlist);
|
|
||||||
node = CERT_LIST_NEXT(node)) {
|
|
||||||
- if (!SECITEM_ItemsAreEqual(&subject,
|
|
||||||
- &node->cert->derSubject)) {
|
|
||||||
+ if ((!SECITEM_ItemsAreEqual(&subject,
|
|
||||||
+ &node->cert->derSubject)) &&
|
|
||||||
+ (sle->slot == node->cert->slot)) {
|
|
||||||
cm_log(3, "Found a "
|
|
||||||
"certificate "
|
|
||||||
"with the same "
|
|
||||||
@@ -441,7 +442,8 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
node = CERT_LIST_NEXT(node)) {
|
|
||||||
if ((node->cert->nickname != NULL) &&
|
|
||||||
(strcmp(entry->cm_cert_nickname,
|
|
||||||
- node->cert->nickname) != 0))
|
|
||||||
+ node->cert->nickname) != 0) &&
|
|
||||||
+ (sle->slot == node->cert->slot))
|
|
||||||
{
|
|
||||||
i++;
|
|
||||||
cm_log(3, "Found a "
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,30 +0,0 @@
|
|||||||
From 697dd085e7b2ce15eefc454509987270131d7f1e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Tue, 4 Sep 2018 16:59:28 -0400
|
|
||||||
Subject: [PATCH 5/7] Ensure that an OpenSSL random seed file exists when
|
|
||||||
testing
|
|
||||||
|
|
||||||
Otherwise some openssl command-line invocations will fail and
|
|
||||||
because of the way the tests are done the error message is not
|
|
||||||
shown.
|
|
||||||
---
|
|
||||||
tests/Makefile.am | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
|
||||||
index 4e407434..fe368dc0 100644
|
|
||||||
--- a/tests/Makefile.am
|
|
||||||
+++ b/tests/Makefile.am
|
|
||||||
@@ -433,6 +433,9 @@ subdirs += \
|
|
||||||
endif
|
|
||||||
|
|
||||||
check: all
|
|
||||||
+ if [ ! -e $$HOME/.rnd ] ; then \
|
|
||||||
+ openssl rand -writerand $$HOME/.rnd; \
|
|
||||||
+ fi
|
|
||||||
for required in certutil cmsutil pk12util openssl diff cmp mktemp \
|
|
||||||
dos2unix unix2dos dbus-launch ; do \
|
|
||||||
which $$required || exit 1; \
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,29 +0,0 @@
|
|||||||
From e93ecadec7c868f4227e084ffb65c70a6efd7314 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Tue, 4 Sep 2018 18:12:18 -0400
|
|
||||||
Subject: [PATCH 6/7] Log test failures of bad pin
|
|
||||||
|
|
||||||
Previously this would show a "don't know why" failure.
|
|
||||||
---
|
|
||||||
tests/tools/certsave.c | 5 +++++
|
|
||||||
1 file changed, 5 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/tests/tools/certsave.c b/tests/tools/certsave.c
|
|
||||||
index ac0f73ec..fd86a4c1 100644
|
|
||||||
--- a/tests/tools/certsave.c
|
|
||||||
+++ b/tests/tools/certsave.c
|
|
||||||
@@ -106,6 +106,11 @@ main(int argc, char **argv)
|
|
||||||
printf("Failed to save (%s:%s), "
|
|
||||||
"filesystem permissions error.\n",
|
|
||||||
ctype, entry->cm_cert_storage_location);
|
|
||||||
+ } else
|
|
||||||
+ if (cm_certsave_pin_error(state) == 0) {
|
|
||||||
+ printf("Failed to save (%s:%s), "
|
|
||||||
+ "pin error.\n",
|
|
||||||
+ ctype, entry->cm_cert_storage_location);
|
|
||||||
} else {
|
|
||||||
printf("Failed to save (%s:%s), "
|
|
||||||
"don't know why.\n",
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,95 +0,0 @@
|
|||||||
From 15d406ee3afbb52832d5c61a1afb735724d109a2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Tue, 18 Sep 2018 10:21:28 -0400
|
|
||||||
Subject: [PATCH 7/7] Use only PK11_ImportCert to import certs, not
|
|
||||||
CERT_ImportCerts
|
|
||||||
|
|
||||||
CERT_ImportCerts always imports a given certificate into the
|
|
||||||
certificate database, whether a token is requested or not.
|
|
||||||
|
|
||||||
Using PK11_ImportCert will import the cert, associate the key
|
|
||||||
properly and will only add the certificate to the appropriate
|
|
||||||
token.
|
|
||||||
---
|
|
||||||
src/certsave-n.c | 37 +++++++++++--------------------------
|
|
||||||
1 file changed, 11 insertions(+), 26 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
|
||||||
index d0152cad..fcb43148 100644
|
|
||||||
--- a/src/certsave-n.c
|
|
||||||
+++ b/src/certsave-n.c
|
|
||||||
@@ -100,7 +100,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
NSSInitContext *ctx;
|
|
||||||
CERTCertDBHandle *certdb;
|
|
||||||
CERTCertList *certlist;
|
|
||||||
- CERTCertificate **returned, *oldcert, cert;
|
|
||||||
+ CERTCertificate *oldcert, *newcert, cert;
|
|
||||||
CERTCertTrust trust;
|
|
||||||
CERTSignedData csdata;
|
|
||||||
CERTCertListNode *node;
|
|
||||||
@@ -497,33 +497,18 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* Import the certificate. */
|
|
||||||
- returned = NULL;
|
|
||||||
- error = CERT_ImportCerts(certdb,
|
|
||||||
- certUsageUserCertImport,
|
|
||||||
- 1, &item, &returned,
|
|
||||||
- PR_TRUE,
|
|
||||||
- PR_FALSE,
|
|
||||||
- entry->cm_cert_nickname);
|
|
||||||
- ec = PORT_GetError();
|
|
||||||
- if (error == SECSuccess) {
|
|
||||||
- /* If NSS uses SQL DB storage, CERT_ImportCerts creates
|
|
||||||
- * an incomplete internal state (the cert isn't
|
|
||||||
- * associated with the private key, and calling
|
|
||||||
- * PK11_FindKeyByAnyCert returns no result).
|
|
||||||
- * As a workaround, we import the cert again using
|
|
||||||
- * PK11_ImportCert, which magically fixes the issue.
|
|
||||||
- * See rhbz#1532188 */
|
|
||||||
+ newcert = CERT_DecodeCertFromPackage((char *)item->data, item->len);
|
|
||||||
+ if (newcert != NULL) {
|
|
||||||
error = PK11_ImportCert(sle->slot,
|
|
||||||
- returned[0],
|
|
||||||
+ newcert,
|
|
||||||
CK_INVALID_HANDLE,
|
|
||||||
- returned[0]->nickname,
|
|
||||||
+ entry->cm_cert_nickname,
|
|
||||||
PR_FALSE);
|
|
||||||
}
|
|
||||||
if (error == SECSuccess) {
|
|
||||||
- cm_log(1, "Imported certificate \"%s\", got "
|
|
||||||
+ cm_log(1, "Imported certificate with "
|
|
||||||
"nickname \"%s\".\n",
|
|
||||||
- entry->cm_cert_nickname,
|
|
||||||
- returned[0]->nickname);
|
|
||||||
+ entry->cm_cert_nickname);
|
|
||||||
status = 0;
|
|
||||||
/* Set the trust on the new certificate,
|
|
||||||
* perhaps matching the trust on an
|
|
||||||
@@ -536,7 +521,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
trust.objectSigningFlags = CERTDB_USER;
|
|
||||||
}
|
|
||||||
error = CERT_ChangeCertTrust(certdb,
|
|
||||||
- returned[0],
|
|
||||||
+ newcert,
|
|
||||||
&trust);
|
|
||||||
ec = PORT_GetError();
|
|
||||||
if (error != SECSuccess) {
|
|
||||||
@@ -621,10 +606,10 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
}
|
|
||||||
/* If we managed to import the certificate, mark its
|
|
||||||
* key for having its nickname removed. */
|
|
||||||
- if ((returned != NULL) && (returned[0] != NULL)) {
|
|
||||||
- privkey = PK11_FindKeyByAnyCert(returned[0], NULL);
|
|
||||||
+ if (newcert != NULL) {
|
|
||||||
+ privkey = PK11_FindKeyByAnyCert(newcert, NULL);
|
|
||||||
privkeys = add_privkey_to_list(privkeys, privkey);
|
|
||||||
- CERT_DestroyCertArray(returned, 1);
|
|
||||||
+ CERT_DestroyCertificate(newcert);
|
|
||||||
}
|
|
||||||
/* In case we're rekeying, but failed, mark the
|
|
||||||
* candidate key for name-clearing or removal, too. */
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,95 +0,0 @@
|
|||||||
From 5d2554ed31fa6bc121d94efe533f9e4fea3900aa Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Thu, 4 Oct 2018 08:21:35 -0400
|
|
||||||
Subject: [PATCH 09/16] Fix memory leak in util_internal_token_name()
|
|
||||||
|
|
||||||
Allocate memory using the talloc context instead of relying on
|
|
||||||
the caller to call free().
|
|
||||||
---
|
|
||||||
src/certread-n.c | 2 +-
|
|
||||||
src/certsave-n.c | 2 +-
|
|
||||||
src/keygen-n.c | 2 +-
|
|
||||||
src/keyiread-n.c | 2 +-
|
|
||||||
src/submit-n.c | 2 +-
|
|
||||||
src/util-n.c | 2 +-
|
|
||||||
6 files changed, 6 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certread-n.c b/src/certread-n.c
|
|
||||||
index 1d9217c6..d535030b 100644
|
|
||||||
--- a/src/certread-n.c
|
|
||||||
+++ b/src/certread-n.c
|
|
||||||
@@ -191,7 +191,7 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
_exit(CM_SUB_STATUS_ERROR_AUTH);
|
|
||||||
}
|
|
||||||
if (entry->cm_cert_token == NULL) {
|
|
||||||
- entry->cm_cert_token = util_internal_token_name();
|
|
||||||
+ entry->cm_cert_token = talloc_strdup(entry, util_internal_token_name());
|
|
||||||
}
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
for (sle = slotlist->head;
|
|
||||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
|
||||||
index fcb43148..49b28324 100644
|
|
||||||
--- a/src/certsave-n.c
|
|
||||||
+++ b/src/certsave-n.c
|
|
||||||
@@ -215,7 +215,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
}
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
if (entry->cm_cert_token == NULL) {
|
|
||||||
- entry->cm_cert_token = util_internal_token_name();
|
|
||||||
+ entry->cm_cert_token = talloc_strdup(entry, util_internal_token_name());
|
|
||||||
}
|
|
||||||
for (sle = slotlist->head;
|
|
||||||
((sle != NULL) && (sle->slot != NULL));
|
|
||||||
diff --git a/src/keygen-n.c b/src/keygen-n.c
|
|
||||||
index f7fdf6c0..76a5c1d3 100644
|
|
||||||
--- a/src/keygen-n.c
|
|
||||||
+++ b/src/keygen-n.c
|
|
||||||
@@ -273,7 +273,7 @@ cm_keygen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
_exit(CM_SUB_STATUS_ERROR_NO_TOKEN);
|
|
||||||
}
|
|
||||||
if (entry->cm_cert_token == NULL) {
|
|
||||||
- entry->cm_cert_token = util_internal_token_name();
|
|
||||||
+ entry->cm_cert_token = talloc_strdup(entry, util_internal_token_name());
|
|
||||||
}
|
|
||||||
/* Walk the list looking for the requested slot, or the first one if
|
|
||||||
* none was requested. */
|
|
||||||
diff --git a/src/keyiread-n.c b/src/keyiread-n.c
|
|
||||||
index b8408bf1..8f46ec0f 100644
|
|
||||||
--- a/src/keyiread-n.c
|
|
||||||
+++ b/src/keyiread-n.c
|
|
||||||
@@ -153,7 +153,7 @@ cm_keyiread_n_get_keys(struct cm_store_entry *entry, int readwrite)
|
|
||||||
}
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
if (entry->cm_key_token == NULL) {
|
|
||||||
- entry->cm_key_token = util_internal_token_name();
|
|
||||||
+ entry->cm_key_token = talloc_strdup(entry, util_internal_token_name());
|
|
||||||
}
|
|
||||||
n_tokens = 0;
|
|
||||||
pubkey = NULL;
|
|
||||||
diff --git a/src/submit-n.c b/src/submit-n.c
|
|
||||||
index da07d253..ee6f3105 100644
|
|
||||||
--- a/src/submit-n.c
|
|
||||||
+++ b/src/submit-n.c
|
|
||||||
@@ -347,7 +347,7 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
if (args->entry->cm_key_token == NULL) {
|
|
||||||
- args->entry->cm_key_token = util_internal_token_name();
|
|
||||||
+ args->entry->cm_key_token = talloc_strdup(args->entry, util_internal_token_name());
|
|
||||||
}
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
n_tokens = 0;
|
|
||||||
diff --git a/src/util-n.c b/src/util-n.c
|
|
||||||
index 293e2583..4ab3d47b 100644
|
|
||||||
--- a/src/util-n.c
|
|
||||||
+++ b/src/util-n.c
|
|
||||||
@@ -291,5 +291,5 @@ util_set_db_entry_cert_owner(const char *dbdir, struct cm_store_entry *entry)
|
|
||||||
char *
|
|
||||||
util_internal_token_name()
|
|
||||||
{
|
|
||||||
- return strdup(PK11_GetTokenName(PK11_GetInternalKeySlot()));
|
|
||||||
+ return PK11_GetTokenName(PK11_GetInternalKeySlot());
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,266 +0,0 @@
|
|||||||
From 648fe74986f2a84416805cfd73206e9e67166ae2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Thu, 13 Sep 2018 15:40:23 -0400
|
|
||||||
Subject: [PATCH 10/16] clang: Dead assignment
|
|
||||||
|
|
||||||
---
|
|
||||||
src/casave.c | 4 +++-
|
|
||||||
src/keygen-n.c | 1 -
|
|
||||||
src/keyiread-n.c | 1 -
|
|
||||||
src/store-files.c | 2 --
|
|
||||||
src/store-gen.c | 3 ---
|
|
||||||
src/submit-e.c | 54 ++++++++++++++++++++++++++------------------------
|
|
||||||
src/submit-u.c | 2 --
|
|
||||||
src/tdbush.c | 8 ++++++--
|
|
||||||
tests/tools/addcinfo.c | 1 -
|
|
||||||
tests/tools/certsave.c | 4 +++-
|
|
||||||
10 files changed, 40 insertions(+), 40 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/casave.c b/src/casave.c
|
|
||||||
index 5fb31b8d..bde63f99 100644
|
|
||||||
--- a/src/casave.c
|
|
||||||
+++ b/src/casave.c
|
|
||||||
@@ -163,7 +163,6 @@ cm_casave_main_n(int fd, struct cm_store_ca *ca, struct cm_store_entry *e,
|
|
||||||
decoded = CERT_DecodeCertFromPackage(package,
|
|
||||||
strlen(package));
|
|
||||||
p = state->certs[i]->nickname;
|
|
||||||
- ttrust = ",,";
|
|
||||||
switch (state->certs[i]->level) {
|
|
||||||
case root:
|
|
||||||
case other_root:
|
|
||||||
@@ -178,6 +177,9 @@ cm_casave_main_n(int fd, struct cm_store_ca *ca, struct cm_store_entry *e,
|
|
||||||
ttrust = ",,";
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
+ default:
|
|
||||||
+ ttrust = ",,";
|
|
||||||
+ break;
|
|
||||||
}
|
|
||||||
memset(&trust, 0, sizeof(trust));
|
|
||||||
CERT_DecodeTrustString(&trust, ttrust);
|
|
||||||
diff --git a/src/keygen-n.c b/src/keygen-n.c
|
|
||||||
index 76a5c1d3..061bd2af 100644
|
|
||||||
--- a/src/keygen-n.c
|
|
||||||
+++ b/src/keygen-n.c
|
|
||||||
@@ -591,7 +591,6 @@ retry_gen:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- generated_size = SECKEY_PublicKeyStrengthInBits(pubkey);
|
|
||||||
cm_log(1, "Ended up with %d bit public key.\n",
|
|
||||||
SECKEY_PublicKeyStrengthInBits(pubkey));
|
|
||||||
/* Check for keys with the desired name, selecting a new name if
|
|
||||||
diff --git a/src/keyiread-n.c b/src/keyiread-n.c
|
|
||||||
index 8f46ec0f..91b1be41 100644
|
|
||||||
--- a/src/keyiread-n.c
|
|
||||||
+++ b/src/keyiread-n.c
|
|
||||||
@@ -492,7 +492,6 @@ cm_keyiread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
readwrite = settings->readwrite;
|
|
||||||
keys = cm_keyiread_n_get_keys(entry, readwrite);
|
|
||||||
alg = "";
|
|
||||||
- size = 0;
|
|
||||||
if (keys != NULL) {
|
|
||||||
switch (SECKEY_GetPrivateKeyType(keys->privkey)) {
|
|
||||||
case rsaKey:
|
|
||||||
diff --git a/src/store-files.c b/src/store-files.c
|
|
||||||
index 06a17485..df1fa336 100644
|
|
||||||
--- a/src/store-files.c
|
|
||||||
+++ b/src/store-files.c
|
|
||||||
@@ -2182,7 +2182,6 @@ cm_store_entry_delete(struct cm_store_entry *entry)
|
|
||||||
} else {
|
|
||||||
cm_log(3, "No file to remove for \"%s\".\n",
|
|
||||||
entry->cm_nickname);
|
|
||||||
- ret = 0;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
@@ -2469,7 +2468,6 @@ cm_store_ca_delete(struct cm_store_ca *ca)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
cm_log(3, "No file to remove for \"%s\".\n", ca->cm_nickname);
|
|
||||||
- ret = 0;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
diff --git a/src/store-gen.c b/src/store-gen.c
|
|
||||||
index 5ce4ab84..da32afc8 100644
|
|
||||||
--- a/src/store-gen.c
|
|
||||||
+++ b/src/store-gen.c
|
|
||||||
@@ -530,8 +530,6 @@ cm_store_hex_to_bin(const char *serial, unsigned char *buf, int length)
|
|
||||||
const char *p, *q, *chars = "0123456789abcdef";
|
|
||||||
unsigned char *b, u;
|
|
||||||
|
|
||||||
- p = serial;
|
|
||||||
- b = buf;
|
|
||||||
u = 0;
|
|
||||||
for (p = serial, b = buf;
|
|
||||||
((*p != '\0') && ((b - buf) < length));
|
|
||||||
@@ -606,7 +604,6 @@ cm_store_canonicalize_path(void *parent, const char *path)
|
|
||||||
for (p = tmp; *p != '\0'; p++) {
|
|
||||||
if ((strncmp(p, "/.", 2) == 0) &&
|
|
||||||
((p[2] == '/') || (p[2] == '\0'))) {
|
|
||||||
- q = p - 1;
|
|
||||||
memmove(p, p + 2, strlen(p + 2) + 1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
diff --git a/src/submit-e.c b/src/submit-e.c
|
|
||||||
index 8ba8e44c..d6158d7a 100644
|
|
||||||
--- a/src/submit-e.c
|
|
||||||
+++ b/src/submit-e.c
|
|
||||||
@@ -587,32 +587,34 @@ cm_submit_e_postprocess_main(int fd, struct cm_store_ca *ca,
|
|
||||||
estate->msg_length, NULL);
|
|
||||||
msg = cm_json_new_object(estate);
|
|
||||||
chain = cm_json_new_array(msg);
|
|
||||||
- if (leaf != NULL) {
|
|
||||||
- cert = cm_json_new_string(msg, leaf, -1);
|
|
||||||
- cm_json_set(msg, CM_SUBMIT_E_CERTIFICATE, cert);
|
|
||||||
- }
|
|
||||||
- for (i = 0;
|
|
||||||
- (others != NULL) && (others[i] != NULL);
|
|
||||||
- i++) {
|
|
||||||
- cert = cm_json_new_object(chain);
|
|
||||||
- val = cm_json_new_string(cert, others[i], -1);
|
|
||||||
- cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
|
|
||||||
- nthnick = talloc_asprintf(cert, "chain #%d", i + 1);
|
|
||||||
- nick = cm_json_new_string(cert, nthnick, -1);
|
|
||||||
- cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
|
|
||||||
- cm_json_append(chain, cert);
|
|
||||||
- }
|
|
||||||
- if (top!= NULL) {
|
|
||||||
- cert = cm_json_new_object(chain);
|
|
||||||
- val = cm_json_new_string(cert, top, -1);
|
|
||||||
- cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
|
|
||||||
- nthnick = talloc_asprintf(cert, "chain #%d", i + 1);
|
|
||||||
- nick = cm_json_new_string(cert, nthnick, -1);
|
|
||||||
- cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
|
|
||||||
- cm_json_append(chain, cert);
|
|
||||||
- }
|
|
||||||
- if (cm_json_array_size(chain) > 0) {
|
|
||||||
- cm_json_set(msg, CM_SUBMIT_E_CHAIN, chain);
|
|
||||||
+ if (i == 0) {
|
|
||||||
+ if (leaf != NULL) {
|
|
||||||
+ cert = cm_json_new_string(msg, leaf, -1);
|
|
||||||
+ cm_json_set(msg, CM_SUBMIT_E_CERTIFICATE, cert);
|
|
||||||
+ }
|
|
||||||
+ for (i = 0;
|
|
||||||
+ (others != NULL) && (others[i] != NULL);
|
|
||||||
+ i++) {
|
|
||||||
+ cert = cm_json_new_object(chain);
|
|
||||||
+ val = cm_json_new_string(cert, others[i], -1);
|
|
||||||
+ cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
|
|
||||||
+ nthnick = talloc_asprintf(cert, "chain #%d", i + 1);
|
|
||||||
+ nick = cm_json_new_string(cert, nthnick, -1);
|
|
||||||
+ cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
|
|
||||||
+ cm_json_append(chain, cert);
|
|
||||||
+ }
|
|
||||||
+ if (top!= NULL) {
|
|
||||||
+ cert = cm_json_new_object(chain);
|
|
||||||
+ val = cm_json_new_string(cert, top, -1);
|
|
||||||
+ cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
|
|
||||||
+ nthnick = talloc_asprintf(cert, "chain #%d", i + 1);
|
|
||||||
+ nick = cm_json_new_string(cert, nthnick, -1);
|
|
||||||
+ cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
|
|
||||||
+ cm_json_append(chain, cert);
|
|
||||||
+ }
|
|
||||||
+ if (cm_json_array_size(chain) > 0) {
|
|
||||||
+ cm_json_set(msg, CM_SUBMIT_E_CHAIN, chain);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* Get ready to build an output message. */
|
|
||||||
diff --git a/src/submit-u.c b/src/submit-u.c
|
|
||||||
index dda2edbc..b0b45baf 100644
|
|
||||||
--- a/src/submit-u.c
|
|
||||||
+++ b/src/submit-u.c
|
|
||||||
@@ -120,14 +120,12 @@ cm_submit_u_from_file_single(const char *filename)
|
|
||||||
if (csr == NULL) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
- p = csr;
|
|
||||||
for (i = 0; i < sizeof(strip) / sizeof(strip[0]); i++) {
|
|
||||||
while ((p = strstr(csr, strip[i])) != NULL) {
|
|
||||||
q = p + strcspn(p, "\r\n");
|
|
||||||
memmove(p, q, strlen(q) + 1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- p = csr;
|
|
||||||
q = strdup(csr);
|
|
||||||
for (p = csr, i = 0; *p != '\0'; p++) {
|
|
||||||
if (strchr("\r\n\t ", *p) == NULL) {
|
|
||||||
diff --git a/src/tdbush.c b/src/tdbush.c
|
|
||||||
index 1d487222..3184e67a 100644
|
|
||||||
--- a/src/tdbush.c
|
|
||||||
+++ b/src/tdbush.c
|
|
||||||
@@ -2911,7 +2911,6 @@ request_get_key_type_and_size(DBusConnection *conn, DBusMessage *msg,
|
|
||||||
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
||||||
}
|
|
||||||
rep = dbus_message_new_method_return(msg);
|
|
||||||
- type = "UNKNOWN";
|
|
||||||
switch (entry->cm_key_type.cm_key_algorithm) {
|
|
||||||
case cm_key_unspecified:
|
|
||||||
type = "UNKNOWN";
|
|
||||||
@@ -2929,6 +2928,9 @@ request_get_key_type_and_size(DBusConnection *conn, DBusMessage *msg,
|
|
||||||
type = "EC";
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
+ default:
|
|
||||||
+ type = "UNKNOWN";
|
|
||||||
+ break;
|
|
||||||
}
|
|
||||||
if (rep != NULL) {
|
|
||||||
size = entry->cm_key_type.cm_key_size;
|
|
||||||
@@ -4790,7 +4792,6 @@ cm_tdbush_introspect_method(void *parent,
|
|
||||||
method->cm_name);
|
|
||||||
arg = method->cm_args;
|
|
||||||
while (arg != NULL) {
|
|
||||||
- direction = "unknown";
|
|
||||||
switch (arg->cm_direction) {
|
|
||||||
case cm_tdbush_method_arg_in:
|
|
||||||
direction = "in";
|
|
||||||
@@ -4798,6 +4799,9 @@ cm_tdbush_introspect_method(void *parent,
|
|
||||||
case cm_tdbush_method_arg_out:
|
|
||||||
direction = "out";
|
|
||||||
break;
|
|
||||||
+ default:
|
|
||||||
+ direction = "unknown";
|
|
||||||
+ break;
|
|
||||||
}
|
|
||||||
ret = talloc_asprintf(parent,
|
|
||||||
"%s\n <arg name=\"%s\" type=\"%s\" "
|
|
||||||
diff --git a/tests/tools/addcinfo.c b/tests/tools/addcinfo.c
|
|
||||||
index d3cea2ca..f016acb4 100644
|
|
||||||
--- a/tests/tools/addcinfo.c
|
|
||||||
+++ b/tests/tools/addcinfo.c
|
|
||||||
@@ -98,7 +98,6 @@ main(int argc, char **argv)
|
|
||||||
PR_ErrorToName(PORT_GetError()));
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
- n = encoded.len;
|
|
||||||
j = 0;
|
|
||||||
while ((i = write(STDOUT_FILENO, encoded.data + j, encoded.len - j)) > 0) {
|
|
||||||
j += i;
|
|
||||||
diff --git a/tests/tools/certsave.c b/tests/tools/certsave.c
|
|
||||||
index fd86a4c1..8ec60ddd 100644
|
|
||||||
--- a/tests/tools/certsave.c
|
|
||||||
+++ b/tests/tools/certsave.c
|
|
||||||
@@ -83,7 +83,6 @@ main(int argc, char **argv)
|
|
||||||
if (cm_certsave_saved(state) == 0) {
|
|
||||||
ret = 0;
|
|
||||||
} else {
|
|
||||||
- ctype = "unknown";
|
|
||||||
switch (entry->cm_cert_storage_type) {
|
|
||||||
case cm_cert_storage_file:
|
|
||||||
ctype = "FILE";
|
|
||||||
@@ -91,6 +90,9 @@ main(int argc, char **argv)
|
|
||||||
case cm_cert_storage_nssdb:
|
|
||||||
ctype = "NSS";
|
|
||||||
break;
|
|
||||||
+ default:
|
|
||||||
+ ctype = "unknown";
|
|
||||||
+ break;
|
|
||||||
}
|
|
||||||
if (cm_certsave_conflict_subject(state) == 0) {
|
|
||||||
printf("Failed to save (%s:%s), "
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,437 +0,0 @@
|
|||||||
From 3310a25181e94f5e05e671acc12d008cbac339ab Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Thu, 13 Sep 2018 15:50:53 -0400
|
|
||||||
Subject: [PATCH 11/16] clang: Memory leak
|
|
||||||
|
|
||||||
---
|
|
||||||
src/certmaster.c | 3 +++
|
|
||||||
src/certsave-o.c | 1 +
|
|
||||||
src/dogtag.c | 3 +++
|
|
||||||
src/ipa.c | 9 ++++++++-
|
|
||||||
src/local.c | 5 +++++
|
|
||||||
src/scep.c | 5 +++++
|
|
||||||
src/srvloc.c | 1 +
|
|
||||||
src/store-files.c | 2 +-
|
|
||||||
src/submit-x.c | 22 ++++++++++++++++++++++
|
|
||||||
src/util.c | 8 +++++++-
|
|
||||||
tests/tools/addcinfo.c | 3 +++
|
|
||||||
tests/tools/base2pem.c | 1 +
|
|
||||||
tests/tools/pem2base.c | 1 +
|
|
||||||
13 files changed, 61 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certmaster.c b/src/certmaster.c
|
|
||||||
index 7e0bed90..4a5cf6af 100644
|
|
||||||
--- a/src/certmaster.c
|
|
||||||
+++ b/src/certmaster.c
|
|
||||||
@@ -160,6 +160,7 @@ main(int argc, const char **argv)
|
|
||||||
CM_SUBMIT_CSR_ENV);
|
|
||||||
}
|
|
||||||
poptPrintUsage(pctx, stdout, 0);
|
|
||||||
+ free(csr);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -185,11 +186,13 @@ main(int argc, const char **argv)
|
|
||||||
if (ctx == NULL) {
|
|
||||||
fprintf(stderr, "Error setting up for XMLRPC.\n");
|
|
||||||
printf(_("Error setting up for XMLRPC.\n"));
|
|
||||||
+ free(csr);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Add the CSR as the sole argument. */
|
|
||||||
cm_submit_x_add_arg_s(ctx, csr);
|
|
||||||
+ free(csr);
|
|
||||||
|
|
||||||
/* Submit the request. */
|
|
||||||
fprintf(stderr, "Submitting request to \"%s\".\n", uri);
|
|
||||||
diff --git a/src/certsave-o.c b/src/certsave-o.c
|
|
||||||
index 77f54d7e..3d4018d8 100644
|
|
||||||
--- a/src/certsave-o.c
|
|
||||||
+++ b/src/certsave-o.c
|
|
||||||
@@ -258,6 +258,7 @@ cm_certsave_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
if (bin != NULL) {
|
|
||||||
BN_bn2bin(bn, bin);
|
|
||||||
serial = cm_store_hex_from_bin(NULL, bin, BN_num_bytes(bn));
|
|
||||||
+ free(bin);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (serial != NULL) {
|
|
||||||
diff --git a/src/dogtag.c b/src/dogtag.c
|
|
||||||
index cd0b38b7..55607f3d 100644
|
|
||||||
--- a/src/dogtag.c
|
|
||||||
+++ b/src/dogtag.c
|
|
||||||
@@ -536,6 +536,7 @@ main(int argc, const char **argv)
|
|
||||||
CM_SUBMIT_CSR_ENV);
|
|
||||||
}
|
|
||||||
poptPrintUsage(pctx, stdout, 0);
|
|
||||||
+ free(csr);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
csr = cm_submit_u_url_encode(csr);
|
|
||||||
@@ -588,6 +589,8 @@ main(int argc, const char **argv)
|
|
||||||
params = talloc_asprintf(ctx,
|
|
||||||
"%s&%s=%s",
|
|
||||||
params, p, q);
|
|
||||||
+ free(p);
|
|
||||||
+ free(q);
|
|
||||||
}
|
|
||||||
use_agent_approval = FALSE;
|
|
||||||
break;
|
|
||||||
diff --git a/src/ipa.c b/src/ipa.c
|
|
||||||
index 67a0c651..acd1a4e2 100644
|
|
||||||
--- a/src/ipa.c
|
|
||||||
+++ b/src/ipa.c
|
|
||||||
@@ -226,6 +226,7 @@ cm_locate_xmlrpc_service(const char *server,
|
|
||||||
if (basedn == NULL) {
|
|
||||||
i = cm_find_default_naming_context(ld, &basedn);
|
|
||||||
if (i != 0) {
|
|
||||||
+ free(basedn);
|
|
||||||
return i;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -526,6 +527,7 @@ fetch_roots(const char *server, int ldap_uri_cmd, const char *ldap_uri,
|
|
||||||
if (basedn == NULL) {
|
|
||||||
i = cm_find_default_naming_context(ld, &basedn);
|
|
||||||
if (i != 0) {
|
|
||||||
+ free(basedn);
|
|
||||||
return i;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -802,6 +804,7 @@ main(int argc, const char **argv)
|
|
||||||
printf(_("Unable to read signing request from environment variable \"%s\".\n"),
|
|
||||||
CM_SUBMIT_CSR_ENV);
|
|
||||||
}
|
|
||||||
+ free(csr);
|
|
||||||
poptPrintUsage(pctx, stdout, 0);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
@@ -903,12 +906,16 @@ main(int argc, const char **argv)
|
|
||||||
|
|
||||||
if ((strcasecmp(mode, CM_OP_SUBMIT) == 0) ||
|
|
||||||
(strcasecmp(mode, CM_OP_POLL) == 0)) {
|
|
||||||
- return submit_or_poll(uri, cainfo, capath, server,
|
|
||||||
+ int ret;
|
|
||||||
+ ret = submit_or_poll(uri, cainfo, capath, server,
|
|
||||||
ldap_uri_cmd, ldap_uri, host, domain,
|
|
||||||
basedn, uid, pwd, csr, reqprinc, profile,
|
|
||||||
issuer);
|
|
||||||
+ free(csr);
|
|
||||||
+ return ret;
|
|
||||||
} else
|
|
||||||
if (strcasecmp(mode, CM_OP_FETCH_ROOTS) == 0) {
|
|
||||||
+ free(csr);
|
|
||||||
return fetch_roots(server, ldap_uri_cmd, ldap_uri, host,
|
|
||||||
uid, pwd, domain, basedn);
|
|
||||||
}
|
|
||||||
diff --git a/src/local.c b/src/local.c
|
|
||||||
index f437d62e..92bea144 100644
|
|
||||||
--- a/src/local.c
|
|
||||||
+++ b/src/local.c
|
|
||||||
@@ -559,6 +559,7 @@ main(int argc, const char **argv)
|
|
||||||
printf(_("Unable to read signing request.\n"));
|
|
||||||
cm_log(1, "Unable to read signing request.\n");
|
|
||||||
poptPrintUsage(pctx, stdout, 0);
|
|
||||||
+ free(csr);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
/* Take the lock. */
|
|
||||||
@@ -568,6 +569,7 @@ main(int argc, const char **argv)
|
|
||||||
&signer, &key);
|
|
||||||
if ((i != 0) || (signer == NULL)) {
|
|
||||||
cm_log(1, "Error reading signer info.\n");
|
|
||||||
+ free(csr);
|
|
||||||
/* Try again sometime later. */
|
|
||||||
return CM_SUBMIT_STATUS_UNREACHABLE;
|
|
||||||
}
|
|
||||||
@@ -577,11 +579,13 @@ main(int argc, const char **argv)
|
|
||||||
if ((fp == NULL) && (errno != ENOENT)) {
|
|
||||||
cm_log(1, "Error reading '%s': %s.\n", serial,
|
|
||||||
strerror(errno));
|
|
||||||
+ free(csr);
|
|
||||||
return CM_SUBMIT_STATUS_UNREACHABLE;
|
|
||||||
}
|
|
||||||
if (fp != NULL) {
|
|
||||||
if (fgets(buf, sizeof(buf), fp) == NULL) {
|
|
||||||
fclose(fp);
|
|
||||||
+ free(csr);
|
|
||||||
return CM_SUBMIT_STATUS_UNREACHABLE;
|
|
||||||
}
|
|
||||||
buf[strcspn(buf, "\r\n")] = '\0';
|
|
||||||
@@ -601,6 +605,7 @@ main(int argc, const char **argv)
|
|
||||||
/* Actually sign the request. */
|
|
||||||
i = cm_submit_o_sign(parent, csr, signer, key, hexserial,
|
|
||||||
now, 0, &cert);
|
|
||||||
+ free(csr);
|
|
||||||
if ((i == 0) && (cert != NULL)) {
|
|
||||||
/* Roll the serial number up. */
|
|
||||||
hexserial = cm_store_increment_serial(parent,
|
|
||||||
diff --git a/src/scep.c b/src/scep.c
|
|
||||||
index 72dff3d5..68eae788 100644
|
|
||||||
--- a/src/scep.c
|
|
||||||
+++ b/src/scep.c
|
|
||||||
@@ -338,6 +338,7 @@ main(int argc, const char **argv)
|
|
||||||
}
|
|
||||||
if (c != -1) {
|
|
||||||
poptPrintUsage(pctx, stdout, 0);
|
|
||||||
+ free(cainfo);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -386,6 +387,7 @@ main(int argc, const char **argv)
|
|
||||||
}
|
|
||||||
if ((message == NULL) || (strlen(message) == 0)) {
|
|
||||||
printf(_("Error reading request. Expected PKCS7 data containing a GetInitialCert pkiMessage, got nothing.\n"));
|
|
||||||
+ free(cainfo);
|
|
||||||
return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
|
||||||
}
|
|
||||||
/* First step: read capabilities for our use. */
|
|
||||||
@@ -405,6 +407,7 @@ main(int argc, const char **argv)
|
|
||||||
}
|
|
||||||
if ((message == NULL) || (strlen(message) == 0)) {
|
|
||||||
printf(_("Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, got nothing.\n"));
|
|
||||||
+ free(cainfo);
|
|
||||||
return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
|
||||||
}
|
|
||||||
/* First step: read capabilities for our use. */
|
|
||||||
@@ -416,6 +419,7 @@ main(int argc, const char **argv)
|
|
||||||
/* Supply help output, if it's needed. */
|
|
||||||
if (missing_args) {
|
|
||||||
poptPrintUsage(pctx, stdout, 0);
|
|
||||||
+ free(cainfo);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -492,6 +496,7 @@ main(int argc, const char **argv)
|
|
||||||
verbose > 1 ?
|
|
||||||
cm_submit_h_curl_verbose_on :
|
|
||||||
cm_submit_h_curl_verbose_off);
|
|
||||||
+ free(cainfo);
|
|
||||||
cm_submit_h_run(hctx);
|
|
||||||
content_type = cm_submit_h_result_type(hctx);
|
|
||||||
if (content_type == NULL) {
|
|
||||||
diff --git a/src/srvloc.c b/src/srvloc.c
|
|
||||||
index acab55bf..e8f3f5a5 100644
|
|
||||||
--- a/src/srvloc.c
|
|
||||||
+++ b/src/srvloc.c
|
|
||||||
@@ -189,6 +189,7 @@ cm_srvloc_resolve(void *parent, const char *name, const char *udomain,
|
|
||||||
domain = strdup(udomain);
|
|
||||||
#endif
|
|
||||||
i = res_querydomain(name, domain, C_IN, T_SRV, answer, answer_len);
|
|
||||||
+ free(domain);
|
|
||||||
if (i == -1) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
diff --git a/src/store-files.c b/src/store-files.c
|
|
||||||
index df1fa336..b97ba5ff 100644
|
|
||||||
--- a/src/store-files.c
|
|
||||||
+++ b/src/store-files.c
|
|
||||||
@@ -558,8 +558,8 @@ cm_store_file_read_lines(void *parent, FILE *fp)
|
|
||||||
case ';':
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
+ free(buf);
|
|
||||||
}
|
|
||||||
- free(buf);
|
|
||||||
/* If we were reading a line, append it to the list. */
|
|
||||||
if (s != NULL) {
|
|
||||||
tlines = talloc_realloc(parent, lines, char *, n_lines + 2);
|
|
||||||
diff --git a/src/submit-x.c b/src/submit-x.c
|
|
||||||
index 60bcf78a..fa81e9aa 100644
|
|
||||||
--- a/src/submit-x.c
|
|
||||||
+++ b/src/submit-x.c
|
|
||||||
@@ -75,6 +75,8 @@ cm_submit_x_ccache_realm(char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
@@ -84,6 +86,8 @@ cm_submit_x_ccache_realm(char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
@@ -93,6 +97,8 @@ cm_submit_x_ccache_realm(char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
@@ -139,6 +145,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
fprintf(stderr, "Error initializing Kerberos: %s.\n", ret);
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -152,6 +160,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -163,6 +173,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
principal, ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -174,6 +186,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -195,6 +209,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -213,6 +229,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -227,6 +245,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -237,6 +257,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
diff --git a/src/util.c b/src/util.c
|
|
||||||
index 67143d52..373bb533 100644
|
|
||||||
--- a/src/util.c
|
|
||||||
+++ b/src/util.c
|
|
||||||
@@ -98,7 +98,7 @@ read_config_file(const char *filename)
|
|
||||||
char *
|
|
||||||
get_config_entry(char * in_data, const char *section, const char *key)
|
|
||||||
{
|
|
||||||
- char *ptr = NULL, *p, *tmp;
|
|
||||||
+ char *ptr = NULL, *p, *tmp = NULL;
|
|
||||||
char *line;
|
|
||||||
int in_section = 0;
|
|
||||||
char * data = strdup(in_data);
|
|
||||||
@@ -129,9 +129,12 @@ get_config_entry(char * in_data, const char *section, const char *key)
|
|
||||||
}
|
|
||||||
if (strcmp(section, tmp) == 0) {
|
|
||||||
free(tmp);
|
|
||||||
+ tmp = NULL;
|
|
||||||
in_section = 1;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
+ free(tmp);
|
|
||||||
+ tmp = NULL;
|
|
||||||
}
|
|
||||||
} /* [ */
|
|
||||||
|
|
||||||
@@ -145,8 +148,10 @@ get_config_entry(char * in_data, const char *section, const char *key)
|
|
||||||
tmp = strndup(line, p - line);
|
|
||||||
if (strcmp(key, tmp) != 0) {
|
|
||||||
free(tmp);
|
|
||||||
+ tmp = NULL;
|
|
||||||
} else {
|
|
||||||
free(tmp);
|
|
||||||
+ tmp = NULL;
|
|
||||||
|
|
||||||
/* Skip over any whitespace after the equal sign. */
|
|
||||||
line = strchr(line, '=');
|
|
||||||
@@ -168,5 +173,6 @@ get_config_entry(char * in_data, const char *section, const char *key)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
free(data);
|
|
||||||
+ free(tmp);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
diff --git a/tests/tools/addcinfo.c b/tests/tools/addcinfo.c
|
|
||||||
index f016acb4..939005c2 100644
|
|
||||||
--- a/tests/tools/addcinfo.c
|
|
||||||
+++ b/tests/tools/addcinfo.c
|
|
||||||
@@ -86,6 +86,7 @@ main(int argc, char **argv)
|
|
||||||
if (enveloped == NULL) {
|
|
||||||
cm_log(0, "Internal error: %s.\n",
|
|
||||||
PR_ErrorToName(PORT_GetError()));
|
|
||||||
+ free(buffer);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
ci.content_type = enveloped->oid;
|
|
||||||
@@ -96,6 +97,7 @@ main(int argc, char **argv)
|
|
||||||
content_info_template) != &encoded) {
|
|
||||||
cm_log(0, "Encoding error: %s.\n",
|
|
||||||
PR_ErrorToName(PORT_GetError()));
|
|
||||||
+ free(buffer);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
j = 0;
|
|
||||||
@@ -105,5 +107,6 @@ main(int argc, char **argv)
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ free(buffer);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
diff --git a/tests/tools/base2pem.c b/tests/tools/base2pem.c
|
|
||||||
index 40e74201..31359684 100644
|
|
||||||
--- a/tests/tools/base2pem.c
|
|
||||||
+++ b/tests/tools/base2pem.c
|
|
||||||
@@ -76,5 +76,6 @@ main(int argc, const char **argv)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
printf("%s", cm_submit_u_pem_from_base64(type, dos, p));
|
|
||||||
+ free(p);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
diff --git a/tests/tools/pem2base.c b/tests/tools/pem2base.c
|
|
||||||
index 0607c162..bb686c0e 100644
|
|
||||||
--- a/tests/tools/pem2base.c
|
|
||||||
+++ b/tests/tools/pem2base.c
|
|
||||||
@@ -46,5 +46,6 @@ main(int argc, char **argv)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
printf("%s\n", cm_submit_u_base64_from_text(p));
|
|
||||||
+ free(p);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,25 +0,0 @@
|
|||||||
From db0f835829b739cf843d44b08c22407194aadd71 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Thu, 13 Sep 2018 17:57:21 -0400
|
|
||||||
Subject: [PATCH 12/16] clang: Uninitialized initial value
|
|
||||||
|
|
||||||
---
|
|
||||||
src/submit-n.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/submit-n.c b/src/submit-n.c
|
|
||||||
index ee6f3105..b07ea23a 100644
|
|
||||||
--- a/src/submit-n.c
|
|
||||||
+++ b/src/submit-n.c
|
|
||||||
@@ -281,7 +281,7 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
|
|
||||||
PLArenaPool *arena = NULL;
|
|
||||||
SECStatus error;
|
|
||||||
NSSInitContext *ctx = NULL;
|
|
||||||
- PK11SlotInfo *slot;
|
|
||||||
+ PK11SlotInfo *slot = NULL;
|
|
||||||
PK11SlotList *slotlist = NULL;
|
|
||||||
PK11SlotListElement *sle;
|
|
||||||
SECKEYPrivateKeyList *keylist = NULL;
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,99 +0,0 @@
|
|||||||
From 753d98b3e70f34a52caabbe8db30bf06fc917f38 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Thu, 13 Sep 2018 11:46:51 -0400
|
|
||||||
Subject: [PATCH 13/16] clang: Null pointer passed as an argument to a
|
|
||||||
'nonnull' parameter
|
|
||||||
|
|
||||||
---
|
|
||||||
src/certsave-n.c | 3 ++-
|
|
||||||
src/getcert.c | 7 ++++---
|
|
||||||
src/scep.c | 8 ++++----
|
|
||||||
src/submit-sn.c | 7 +++++--
|
|
||||||
4 files changed, 15 insertions(+), 10 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
|
||||||
index 49b28324..972a1dfa 100644
|
|
||||||
--- a/src/certsave-n.c
|
|
||||||
+++ b/src/certsave-n.c
|
|
||||||
@@ -72,7 +72,8 @@ add_privkey_to_list(SECKEYPrivateKey **list, SECKEYPrivateKey *key)
|
|
||||||
if ((list == NULL) || (list[i] == NULL)) {
|
|
||||||
newlist = malloc(sizeof(newlist[0]) * (i + 2));
|
|
||||||
if (newlist != NULL) {
|
|
||||||
- memcpy(newlist, list, sizeof(newlist[0]) * i);
|
|
||||||
+ if (list != NULL)
|
|
||||||
+ memcpy(newlist, list, sizeof(newlist[0]) * i);
|
|
||||||
newlist[i] = key;
|
|
||||||
newlist[i + 1] = NULL;
|
|
||||||
list = newlist;
|
|
||||||
diff --git a/src/getcert.c b/src/getcert.c
|
|
||||||
index 6417cd44..ddb28de2 100644
|
|
||||||
--- a/src/getcert.c
|
|
||||||
+++ b/src/getcert.c
|
|
||||||
@@ -291,7 +291,8 @@ add_string(void *parent, char ***dest, const char *value)
|
|
||||||
printf(_("Out of memory.\n"));
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
- memcpy(tmp, *dest, sizeof(tmp[0]) * i);
|
|
||||||
+ if (*dest)
|
|
||||||
+ memcpy(tmp, *dest, sizeof(tmp[0]) * i);
|
|
||||||
tmp[i] = talloc_strdup(tmp, value);
|
|
||||||
i++;
|
|
||||||
tmp[i] = NULL;
|
|
||||||
@@ -1582,8 +1583,8 @@ add_basic_request(enum cm_tdbus_type bus, char *id,
|
|
||||||
{
|
|
||||||
DBusMessage *req, *rep;
|
|
||||||
int i;
|
|
||||||
- struct cm_tdbusm_dict param[28];
|
|
||||||
- const struct cm_tdbusm_dict *params[29];
|
|
||||||
+ struct cm_tdbusm_dict param[30];
|
|
||||||
+ const struct cm_tdbusm_dict *params[30];
|
|
||||||
dbus_bool_t b;
|
|
||||||
const char *capath;
|
|
||||||
char *p;
|
|
||||||
diff --git a/src/scep.c b/src/scep.c
|
|
||||||
index 68eae788..b0bd214b 100644
|
|
||||||
--- a/src/scep.c
|
|
||||||
+++ b/src/scep.c
|
|
||||||
@@ -793,8 +793,8 @@ main(int argc, const char **argv)
|
|
||||||
fprintf(stderr, "code_text = \"%s\"\n", cm_submit_h_result_code_text(hctx));
|
|
||||||
syslog(LOG_DEBUG, "%s %s?%s\n", "GET", url, params2);
|
|
||||||
}
|
|
||||||
- if (strcasecmp(content_type2,
|
|
||||||
- "application/x-x509-ca-cert") != 0) {
|
|
||||||
+ if ((content_type2 != NULL) && (strcasecmp(content_type2,
|
|
||||||
+ "application/x-x509-ca-cert") != 0)) {
|
|
||||||
if (verbose > 0) {
|
|
||||||
fprintf(stderr, "Content is not "
|
|
||||||
"\"application/x-x509-ca-cert\""
|
|
||||||
@@ -882,8 +882,8 @@ main(int argc, const char **argv)
|
|
||||||
break;
|
|
||||||
case op_get_cert_initial:
|
|
||||||
case op_pkcsreq:
|
|
||||||
- if (strcasecmp(content_type2,
|
|
||||||
- "application/x-pki-message") == 0) {
|
|
||||||
+ if ((content_type2 != NULL) && (strcasecmp(content_type2,
|
|
||||||
+ "application/x-pki-message") == 0)) {
|
|
||||||
memset(&cacerts, 0, sizeof(cacerts));
|
|
||||||
cacerts[0] = cacert ? cacert : racert;
|
|
||||||
cacerts[1] = cacert ? racert : NULL;
|
|
||||||
diff --git a/src/submit-sn.c b/src/submit-sn.c
|
|
||||||
index e9c62b22..ecd78dc0 100644
|
|
||||||
--- a/src/submit-sn.c
|
|
||||||
+++ b/src/submit-sn.c
|
|
||||||
@@ -258,8 +258,11 @@ cm_submit_sn_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
/* Allocate space for one more extension. */
|
|
||||||
extensions = PORT_ArenaZAlloc(arena, (i + 2) * sizeof(extensions[0]));
|
|
||||||
if (extensions != NULL) {
|
|
||||||
- memcpy(extensions, ucert->extensions,
|
|
||||||
- i * sizeof(extensions[0]));
|
|
||||||
+ if (i != 0) {
|
|
||||||
+ /* Note that C99 says copy of 0 items is ok, quieting clang */
|
|
||||||
+ memcpy(extensions, ucert->extensions,
|
|
||||||
+ i * sizeof(extensions[0]));
|
|
||||||
+ }
|
|
||||||
if (found_basic) {
|
|
||||||
extensions[i] = NULL;
|
|
||||||
} else {
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,24 +0,0 @@
|
|||||||
From 9e44680dbd207cef48beb7598114ea59aa457055 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Fri, 14 Sep 2018 16:15:23 -0400
|
|
||||||
Subject: [PATCH 14/16] clang: Dead increment
|
|
||||||
|
|
||||||
---
|
|
||||||
src/store-gen.c | 1 -
|
|
||||||
1 file changed, 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/store-gen.c b/src/store-gen.c
|
|
||||||
index da32afc8..653767a1 100644
|
|
||||||
--- a/src/store-gen.c
|
|
||||||
+++ b/src/store-gen.c
|
|
||||||
@@ -363,7 +363,6 @@ cm_store_time_from_timestamp(const char *timestamp)
|
|
||||||
buf[2] = '\0';
|
|
||||||
stamp.tm_min = atoi(buf);
|
|
||||||
memcpy(buf, timestamp + i, 2);
|
|
||||||
- i += 2;
|
|
||||||
buf[2] = '\0';
|
|
||||||
stamp.tm_sec = atoi(buf);
|
|
||||||
t = timegm(&stamp);
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,83 +0,0 @@
|
|||||||
From 319858127df42c1a95b9b3282705c90ecd6754a5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Fri, 14 Sep 2018 16:16:55 -0400
|
|
||||||
Subject: [PATCH 15/16] clang: Dereference of null pointer
|
|
||||||
|
|
||||||
---
|
|
||||||
src/tdbush.c | 56 +++++++++++++++++++++++++++++---------------------------
|
|
||||||
1 file changed, 29 insertions(+), 27 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/tdbush.c b/src/tdbush.c
|
|
||||||
index 3184e67a..d1bbe4da 100644
|
|
||||||
--- a/src/tdbush.c
|
|
||||||
+++ b/src/tdbush.c
|
|
||||||
@@ -3655,37 +3655,39 @@ request_modify(DBusConnection *conn, DBusMessage *msg,
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- if (d[i] == NULL) {
|
|
||||||
- new_request_path = talloc_asprintf(parent, "%s/%s",
|
|
||||||
- CM_DBUS_REQUEST_PATH,
|
|
||||||
- entry->cm_busname);
|
|
||||||
- if ((n_propname > 0) &&
|
|
||||||
- (n_propname + 1 < sizeof(propname) / sizeof(propname[0]))) {
|
|
||||||
- propname[n_propname] = NULL;
|
|
||||||
- cm_tdbush_property_emit_changed(ctx, new_request_path,
|
|
||||||
- CM_DBUS_REQUEST_INTERFACE,
|
|
||||||
- propname);
|
|
||||||
- }
|
|
||||||
- cm_tdbusm_set_bp(rep,
|
|
||||||
- cm_restart_entry(ctx,
|
|
||||||
- entry->cm_nickname),
|
|
||||||
- new_request_path);
|
|
||||||
- dbus_connection_send(conn, rep, NULL);
|
|
||||||
- dbus_message_unref(rep);
|
|
||||||
- talloc_free(new_request_path);
|
|
||||||
- return DBUS_HANDLER_RESULT_HANDLED;
|
|
||||||
- } else {
|
|
||||||
- dbus_message_unref(rep);
|
|
||||||
- rep = dbus_message_new_error(msg,
|
|
||||||
- CM_DBUS_ERROR_REQUEST_BAD_ARG,
|
|
||||||
- _("Unrecognized parameter or wrong value type."));
|
|
||||||
- if (rep != NULL) {
|
|
||||||
- cm_tdbusm_set_s(rep, d[i]->key);
|
|
||||||
+ if (d != NULL) {
|
|
||||||
+ if (d[i] == NULL) {
|
|
||||||
+ new_request_path = talloc_asprintf(parent, "%s/%s",
|
|
||||||
+ CM_DBUS_REQUEST_PATH,
|
|
||||||
+ entry->cm_busname);
|
|
||||||
+ if ((n_propname > 0) &&
|
|
||||||
+ (n_propname + 1 < sizeof(propname) / sizeof(propname[0]))) {
|
|
||||||
+ propname[n_propname] = NULL;
|
|
||||||
+ cm_tdbush_property_emit_changed(ctx, new_request_path,
|
|
||||||
+ CM_DBUS_REQUEST_INTERFACE,
|
|
||||||
+ propname);
|
|
||||||
+ }
|
|
||||||
+ cm_tdbusm_set_bp(rep,
|
|
||||||
+ cm_restart_entry(ctx,
|
|
||||||
+ entry->cm_nickname),
|
|
||||||
+ new_request_path);
|
|
||||||
dbus_connection_send(conn, rep, NULL);
|
|
||||||
dbus_message_unref(rep);
|
|
||||||
+ talloc_free(new_request_path);
|
|
||||||
return DBUS_HANDLER_RESULT_HANDLED;
|
|
||||||
+ } else {
|
|
||||||
+ dbus_message_unref(rep);
|
|
||||||
+ rep = dbus_message_new_error(msg,
|
|
||||||
+ CM_DBUS_ERROR_REQUEST_BAD_ARG,
|
|
||||||
+ _("Unrecognized parameter or wrong value type."));
|
|
||||||
+ if (rep != NULL) {
|
|
||||||
+ cm_tdbusm_set_s(rep, d[i]->key);
|
|
||||||
+ dbus_connection_send(conn, rep, NULL);
|
|
||||||
+ dbus_message_unref(rep);
|
|
||||||
+ return DBUS_HANDLER_RESULT_HANDLED;
|
|
||||||
+ }
|
|
||||||
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
||||||
}
|
|
||||||
- return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From f17b7c0a22f4d49dca001d984673046e133577d1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Fri, 14 Sep 2018 16:41:19 -0400
|
|
||||||
Subject: [PATCH 16/16] Add missing case for cm_prefs_aes192
|
|
||||||
|
|
||||||
---
|
|
||||||
src/prefs-o.c | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/prefs-o.c b/src/prefs-o.c
|
|
||||||
index 64542f85..ac68164d 100644
|
|
||||||
--- a/src/prefs-o.c
|
|
||||||
+++ b/src/prefs-o.c
|
|
||||||
@@ -75,6 +75,9 @@ cm_prefs_ossl_cipher_by_pref(enum cm_prefs_cipher cipher)
|
|
||||||
case cm_prefs_aes128:
|
|
||||||
return EVP_aes_128_cbc();
|
|
||||||
break;
|
|
||||||
+ case cm_prefs_aes192:
|
|
||||||
+ return EVP_aes_192_cbc();
|
|
||||||
+ break;
|
|
||||||
case cm_prefs_aes256:
|
|
||||||
return EVP_aes_256_cbc();
|
|
||||||
break;
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -25,14 +25,14 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: certmonger
|
Name: certmonger
|
||||||
Version: 0.79.6
|
Version: 0.79.7
|
||||||
Release: 5%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Certificate status monitor and PKI enrollment client
|
Summary: Certificate status monitor and PKI enrollment client
|
||||||
|
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
URL: http://pagure.io/certmonger/
|
URL: http://pagure.io/certmonger/
|
||||||
Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
|
Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
|
||||||
#Source1: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz.sig
|
#Source1: http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig
|
||||||
|
|
||||||
|
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
@ -43,9 +43,9 @@ BuildRequires: openldap-devel
|
|||||||
BuildRequires: libidn2-devel
|
BuildRequires: libidn2-devel
|
||||||
BuildRequires: dbus-devel, nspr-devel, nss-devel, openssl-devel
|
BuildRequires: dbus-devel, nspr-devel, nss-devel, openssl-devel
|
||||||
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
|
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
|
||||||
BuildRequires: libuuid-devel
|
BuildRequires: libuuid-devel
|
||||||
%else
|
%else
|
||||||
BuildRequires: e2fsprogs-devel
|
BuildRequires: e2fsprogs-devel
|
||||||
%endif
|
%endif
|
||||||
BuildRequires: libtalloc-devel, libtevent-devel
|
BuildRequires: libtalloc-devel, libtevent-devel
|
||||||
%if 0%{?rhel} >= 6 || 0%{?fedora} >= 9
|
%if 0%{?rhel} >= 6 || 0%{?fedora} >= 9
|
||||||
@ -111,21 +111,6 @@ Conflicts: libtevent < 0.9.13
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
Patch1: 0001-NSS-crypto-policy-sets-minimum-RSA-and-DSA-key-size-.patch
|
Patch1: 0001-NSS-crypto-policy-sets-minimum-RSA-and-DSA-key-size-.patch
|
||||||
Patch2: 0002-Use-the-correct-slot-when-saving-certificates-in-NSS.patch
|
|
||||||
Patch3: 0003-Include-the-token-name-when-a-PIN-is-provided-but-is.patch
|
|
||||||
Patch4: 0004-Add-utility-function-to-get-the-internal-token-name.patch
|
|
||||||
Patch5: 0005-Only-de-duplicate-certificates-within-the-same-token.patch
|
|
||||||
Patch6: 0006-Ensure-that-an-OpenSSL-random-seed-file-exists-when-.patch
|
|
||||||
Patch7: 0007-Log-test-failures-of-bad-pin.patch
|
|
||||||
Patch8: 0008-Use-only-PK11_ImportCert-to-import-certs-not-CERT_Im.patch
|
|
||||||
Patch9: 0009-Fix-memory-leak-in-util_internal_token_name.patch
|
|
||||||
Patch10: 0010-clang-Dead-assignment.patch
|
|
||||||
Patch11: 0011-clang-Memory-leak.patch
|
|
||||||
Patch12: 0012-clang-Uninitialized-initial-value.patch
|
|
||||||
Patch13: 0013-clang-Null-pointer-passed-as-an-argument-to-a-nonnul.patch
|
|
||||||
Patch14: 0014-clang-Dead-increment.patch
|
|
||||||
Patch15: 0015-clang-Dereference-of-null-pointer.patch
|
|
||||||
Patch16: 0016-Add-missing-case-for-cm_prefs_aes192.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Certmonger is a service which is primarily concerned with getting your
|
Certmonger is a service which is primarily concerned with getting your
|
||||||
@ -134,21 +119,6 @@ system enrolled with a certificate authority (CA) and keeping it enrolled.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
|
||||||
%patch3 -p1
|
|
||||||
%patch4 -p1
|
|
||||||
%patch5 -p1
|
|
||||||
%patch6 -p1
|
|
||||||
%patch7 -p1
|
|
||||||
%patch8 -p1
|
|
||||||
%patch9 -p1
|
|
||||||
%patch10 -p1
|
|
||||||
%patch11 -p1
|
|
||||||
%patch12 -p1
|
|
||||||
%patch13 -p1
|
|
||||||
%patch14 -p1
|
|
||||||
%patch15 -p1
|
|
||||||
%patch16 -p1
|
|
||||||
|
|
||||||
%if 0%{?rhel} > 0
|
%if 0%{?rhel} > 0
|
||||||
# Enabled by default for RHEL for bug #765600, still disabled by default for
|
# Enabled by default for RHEL for bug #765600, still disabled by default for
|
||||||
@ -276,6 +246,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 18 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-1
|
||||||
|
- Update to upstream 0.79.7
|
||||||
|
|
||||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.6-5
|
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.79.6-5
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
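Review bot: The `#Source1:` line edited in this section still leaves the detached signature disabled, so the build performs no upstream signature check on the `Source0` tarball, which is also listed with an `http://` URL. The only integrity control visible in this commit is the SHA512 entry in `sources`. If upstream publishes a `.sig` for 0.79.7 (the commented URL suggests it does, but nothing here confirms it), enable `Source1`, add the upstream keyring as a further source, and verify in `%prep` before `%setup`. Where the macro is available, that is `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'`. Moving `URL` and `Source0` to `https://` is worth doing in the same change, assuming the host serves it.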
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (certmonger-0.79.6.tar.gz) = 55721a114d874d484bbde01a31f72b8d2a6d3ce0a676c73a217019c5da96aa28d4c0a32abb962abe996bf55b47050b7e0558fffbef6dd4d13ab922e0de5d8224
|
SHA512 (certmonger-0.79.7.tar.gz) = eca748cc28a3d9e3a1d5871848e1c22a6025b86a07ffc166bbca59f0945e2d461d6fc8201bd0e6b94d13680e86bbd29a501c5c38763484640b5b8f70ca470980
|
||||||
|