Fix issues reported by coverity

Resolves: rhbz#1938767
Jakub Jelen 2021-04-15 11:01:17 +02:00
parent c8757a0488
commit 09142bed87
2 changed files with 62 additions and 1 deletions


@ -0,0 +1,55 @@
commit a8d6c6c1b258548260748eefba0532fd35c8ce47
Author: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu Apr 15 16:08:24 2021 +0900
cipher: Fix memory leaks for EdDSA.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Free the point Q.
(_gcry_ecc_eddsa_verify): Avoid memory leaks for points and MPIs.
--
GnuPG-bug-id: 5385
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c
index 2a1a8907..8b32545a 100644
--- a/cipher/ecc-eddsa.c
+++ b/cipher/ecc-eddsa.c
@@ -641,7 +641,10 @@ _gcry_ecc_eddsa_genkey (mpi_ec_t ec, int flags)
ec->d = _gcry_mpi_set_opaque (NULL, dbuf, dlen*8);
rc = _gcry_ecc_eddsa_compute_h_d (&hash_d, ec);
if (rc)
- goto leave;
+ {
+ point_free (&Q);
+ goto leave;
+ }
_gcry_mpi_set_buffer (a, hash_d, b, 0);
xfree (hash_d);
@@ -991,11 +994,6 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, mpi_ec_t ec,
if (!mpi_is_opaque (input) || !mpi_is_opaque (r_in) || !mpi_is_opaque (s_in))
return GPG_ERR_INV_DATA;
- point_init (&Ia);
- point_init (&Ib);
- h = mpi_new (0);
- s = mpi_new (0);
-
b = (ec->nbits+7)/8;
if (ec->nbits == 255)
@@ -1005,6 +1003,11 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, mpi_ec_t ec,
else
return GPG_ERR_NOT_IMPLEMENTED;
+ point_init (&Ia);
+ point_init (&Ib);
+ h = mpi_new (0);
+ s = mpi_new (0);
+
/* Encode and check the public key. */
rc = _gcry_ecc_eddsa_encodepoint (ec->Q, ec, NULL, NULL, 0,
&encpk, &encpklen);
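Review bot: The relocated `point_init`/`mpi_new` block in `_gcry_ecc_eddsa_verify` stays leak-free only while no bare `return` follows it, and nothing in the new code records that invariant. A one-line comment above the block, such as `/* Allocate only after the last early return; every failure below must exit through the cleanup path. */`, would keep a later edit from reintroducing the leak. This matters because the `GPG_ERR_INV_DATA` return just above depends on the MPIs passed in by the caller, so a leak near that path could accumulate across repeated verifications of malformed input. The rest of the function lies outside the hunk, so whether every later failure already goes through the cleanup code cannot be confirmed from here. In `_gcry_ecc_eddsa_genkey` the new `point_free (&Q)` is attached to a single error branch; if Q is still owned by the function at `leave` (not visible here), releasing it there would cover all exits.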


@ -1,6 +1,6 @@
Name: libgcrypt Name: libgcrypt
Version: 1.9.2 Version: 1.9.2
Release: 2%{?dist} Release: 3%{?dist}
URL: https://www.gnupg.org/ URL: https://www.gnupg.org/
Source0: libgcrypt-%{version}-hobbled.tar.xz Source0: libgcrypt-%{version}-hobbled.tar.xz
# The original libgcrypt sources now contain potentially patented ECC # The original libgcrypt sources now contain potentially patented ECC
@ -46,6 +46,8 @@ Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
Patch30: libgcrypt-1.8.5-fips-module.patch Patch30: libgcrypt-1.8.5-fips-module.patch
# Unbreak gnupg2 build on s390x: https://dev.gnupg.org/T5356 # Unbreak gnupg2 build on s390x: https://dev.gnupg.org/T5356
Patch31: libgcrypt-1.9.2-s390x-ocb.patch Patch31: libgcrypt-1.9.2-s390x-ocb.patch
# Coverity reported issues https://dev.gnupg.org/T5385
Patch32: libgcrypt-1.9.2-coverity.patch
%global gcrylibdir %{_libdir} %global gcrylibdir %{_libdir}
%global gcrysoname libgcrypt.so.20 %global gcrysoname libgcrypt.so.20
@ -95,6 +97,7 @@ applications using libgcrypt.
%patch27 -p1 -b .fips-enforce %patch27 -p1 -b .fips-enforce
%patch30 -p1 -b .fips-module %patch30 -p1 -b .fips-module
%patch31 -p1 -b .s390x-ocb %patch31 -p1 -b .s390x-ocb
%patch32 -p1 -b .coverity
cp %{SOURCE4} cipher/ cp %{SOURCE4} cipher/
cp %{SOURCE5} %{SOURCE6} tests/ cp %{SOURCE5} %{SOURCE6} tests/
@ -204,6 +207,9 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
%license COPYING %license COPYING
%changelog %changelog
* Thu Apr 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-3
- Fix issues reported by coverity
* Mon Mar 29 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-2 * Mon Mar 29 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-2
- Fix OCB tag creation on s390x (failing gnupg2 tests) - Fix OCB tag creation on s390x (failing gnupg2 tests)