Fix coverity reports

Jakub Jelen 2021-04-15 10:58:31 +02:00
parent 643055c06d
commit 2e2a35ecb3
2 changed files with 58 additions and 0 deletions


@ -0,0 +1,55 @@
commit a8d6c6c1b258548260748eefba0532fd35c8ce47
Author: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu Apr 15 16:08:24 2021 +0900
cipher: Fix memory leaks for EdDSA.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Free the point Q.
(_gcry_ecc_eddsa_verify): Avoid memory leaks for points and MPIs.
--
GnuPG-bug-id: 5385
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c
index 2a1a8907..8b32545a 100644
--- a/cipher/ecc-eddsa.c
+++ b/cipher/ecc-eddsa.c
@@ -641,7 +641,10 @@ _gcry_ecc_eddsa_genkey (mpi_ec_t ec, int flags)
ec->d = _gcry_mpi_set_opaque (NULL, dbuf, dlen*8);
rc = _gcry_ecc_eddsa_compute_h_d (&hash_d, ec);
if (rc)
- goto leave;
+ {
+ point_free (&Q);
+ goto leave;
+ }
_gcry_mpi_set_buffer (a, hash_d, b, 0);
xfree (hash_d);
@@ -991,11 +994,6 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, mpi_ec_t ec,
if (!mpi_is_opaque (input) || !mpi_is_opaque (r_in) || !mpi_is_opaque (s_in))
return GPG_ERR_INV_DATA;
- point_init (&Ia);
- point_init (&Ib);
- h = mpi_new (0);
- s = mpi_new (0);
-
b = (ec->nbits+7)/8;
if (ec->nbits == 255)
@@ -1005,6 +1003,11 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, mpi_ec_t ec,
else
return GPG_ERR_NOT_IMPLEMENTED;
+ point_init (&Ia);
+ point_init (&Ib);
+ h = mpi_new (0);
+ s = mpi_new (0);
+
/* Encode and check the public key. */
rc = _gcry_ecc_eddsa_encodepoint (ec->Q, ec, NULL, NULL, 0,
&encpk, &encpklen);
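Review bot: In the `_gcry_ecc_eddsa_genkey` hunk the new `point_free (&Q);` sits inline in one error branch rather than at the `leave` label, so any other jump to `leave` taken after Q is initialised needs its own copy. Neither the `point_init` for Q nor the `leave` label is visible in the hunk, so whether such paths exist has to be checked against the full function. If they do, and the success path allows it, a single `point_free (&Q);` at the label would be harder to miss. In `_gcry_ecc_eddsa_verify` the allocations now follow the early returns, which matters because a verifier's error returns can be reached with malformed input. The error paths after the moved block lie outside the hunk and should be confirmed to pass through the function's cleanup.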


@ -46,6 +46,8 @@ Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
Patch30: libgcrypt-1.8.5-fips-module.patch
# Unbreak gnupg2 build on s390x: https://dev.gnupg.org/T5356
Patch31: libgcrypt-1.9.2-s390x-ocb.patch
# Coverity reported issues https://dev.gnupg.org/T5385
Patch32: libgcrypt-1.9.2-coverity.patch
%global gcrylibdir %{_libdir}
%global gcrysoname libgcrypt.so.20
@ -95,6 +97,7 @@ applications using libgcrypt.
%patch27 -p1 -b .fips-enforce
%patch30 -p1 -b .fips-module
%patch31 -p1 -b .s390x-ocb
%patch32 -p1 -b .coverity
cp %{SOURCE4} cipher/
cp %{SOURCE5} %{SOURCE6} tests/
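Review bot: The comment above `Patch32` gives only the tracker link, although the patch file is a backport of upstream commit a8d6c6c1b258548260748eefba0532fd35c8ce47. Naming that commit in the spec makes it clear when the patch can be dropped on the next rebase, for example `# Coverity reported issues https://dev.gnupg.org/T5385 (upstream a8d6c6c1b258)`. The patch header describes a single EdDSA leak fix, so the comment could say that too, since T5385 may cover more reports than this one patch addresses.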