From 9420929d36620e931e67512ae955bc653e076157 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Wed, 9 Feb 2022 14:01:11 -0500
Subject: [PATCH] Add fix for memleak uncovered by covscan
Related: rhbz#1995600
Signed-off-by: Simo Sorce
---
cyrus-sasl-2.1.27-cumulative-ossl3.patch | 33 +++++++++++++++---------
cyrus-sasl.spec | 6 ++++-
2 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/cyrus-sasl-2.1.27-cumulative-ossl3.patch b/cyrus-sasl-2.1.27-cumulative-ossl3.patch
index 0d0eb39..10b57cc 100644
--- a/cyrus-sasl-2.1.27-cumulative-ossl3.patch
+++ b/cyrus-sasl-2.1.27-cumulative-ossl3.patch
@@ -61,9 +61,9 @@ diff -uPr cyrus-sasl-2.1.27/plugins/scram.c cyrus-sasl-2.1.27.ossl3/plugins/scra
/* The result variable need to point to a buffer big enough for the [SHA-1] hash */
static void
diff -uPr cyrus-sasl-2.1.27/saslauthd/lak.c cyrus-sasl-2.1.27.ossl3/saslauthd/lak.c
---- cyrus-sasl-2.1.27/saslauthd/lak.c 2021-10-06 11:29:53.281375315 -0400
-+++ cyrus-sasl-2.1.27.ossl3/saslauthd/lak.c 2021-10-06 11:30:59.022400245 -0400
-@@ -1805,13 +1805,29 @@
+--- cyrus-sasl-2.1.27/saslauthd/lak.c 2022-01-09 11:30:50.000000000 -0400
++++ cyrus-sasl-2.1.27.ossl3/saslauthd/lak.c 2022-01-09 11:30:50.000000001 -0400
+@@ -1806,18 +1806,36 @@
return rc;
}
@@ -71,13 +71,13 @@ diff -uPr cyrus-sasl-2.1.27/saslauthd/lak.c cyrus-sasl-2.1.27.ossl3/saslauthd/la
- EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
+ rc = EVP_DigestInit(mdctx, md);
+ if (rc != 1) {
-+ EVP_MD_CTX_free(mdctx);
-+ return LAK_FAIL;
++ rc = LAK_FAIL;
++ goto done;
+ }
+ rc = EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
+ if (rc != 1) {
-+ EVP_MD_CTX_free(mdctx);
-+ return LAK_FAIL;
++ rc = LAK_FAIL;
++ goto done;
+ }
if (hrock->salted) {
- EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
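Review bot: Every new `goto done` in this hunk now lands on the `done:` label added in the next hunk (@@ -85), which calls `free(cred)`, so `cred` must already hold a heap pointer or NULL at the first failure site, the `EVP_DigestInit` call; the start of the enclosing function is outside both hunks, so the decode/allocation order cannot be confirmed from here and should be checked, and if `cred` is a local, initialising it to NULL at its declaration is the cheap safeguard. The same applies to the two `goto done` sites in the next hunk. As a point of style, `rc` now alternates between OpenSSL's 1-on-success status and the LAK_* result codes; testing the call directly, `if (EVP_DigestInit(mdctx, md) != 1) { rc = LAK_FAIL; goto done; }`, keeps the two value domains apart and reads the same on every error path.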
@@ -85,16 +85,25 @@ diff -uPr cyrus-sasl-2.1.27/saslauthd/lak.c cyrus-sasl-2.1.27.ossl3/saslauthd/la
+ rc = EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
+ clen - EVP_MD_size(md));
+ if (rc != 1) {
-+ EVP_MD_CTX_free(mdctx);
-+ return LAK_FAIL;
++ rc = LAK_FAIL;
++ goto done;
+ }
+ }
+ rc = EVP_DigestFinal(mdctx, digest, NULL);
+ if (rc != 1) {
-+ EVP_MD_CTX_free(mdctx);
-+ return LAK_FAIL;
++ rc = LAK_FAIL;
++ goto done;
}
- EVP_DigestFinal(mdctx, digest, NULL);
- EVP_MD_CTX_free(mdctx);
+- EVP_MD_CTX_free(mdctx);
rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
++ rc = rc ? LAK_INVALID_PASSWORD : LAK_OK;
++done:
++ EVP_MD_CTX_free(mdctx);
+ free(cred);
+- return rc ? LAK_INVALID_PASSWORD : LAK_OK;
++ return rc;
+ }
+
+ #endif /* HAVE_OPENSSL */
diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec
index 3ea85e6..7475aa3 100644
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@@ -9,7 +9,7 @@ Summary: The Cyrus SASL library
Name: cyrus-sasl
Version: 2.1.27
-Release: 18%{?dist}
+Release: 19%{?dist}
License: BSD with advertising
URL: https://www.cyrusimap.org/sasl/
@@ -398,6 +398,10 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
%{_sbindir}/sasl2-shared-mechlist
%changelog
+* Mon Feb 9 2022 Simo Sorce - 2.1.27-19
+- Fix a memleak in one of the OpenSSL 3 compat patches
+ found by covscan
+
* Mon Feb 7 2022 Simo Sorce - 2.1.27-18
- Update OpenSSL 3 related compatibility patch backports
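Review bot: The new `rc = rc ? LAK_INVALID_PASSWORD : LAK_OK;` line folds the result of the plain `memcmp` directly above it into the return code, so the stored credential is still compared with an early-exit routine whose run time depends on how many leading bytes match; OpenSSL's `CRYPTO_memcmp` has the same zero-on-equal contract, and `rc = CRYPTO_memcmp(cred, digest, EVP_MD_size(md));` would drop in with the new mapping line unchanged. With every path now converging on `done:`, that label is also the natural place to wipe the computed hash before the context and `cred` are released, e.g. `OPENSSL_cleanse(digest, EVP_MD_size(md));` next to the `EVP_MD_CTX_free` — `EVP_DigestFinal` is only ever given that many bytes of `digest`, so the length is safe whatever the declaration outside the hunk looks like. The enclosing function starts outside this hunk.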