libica/SOURCES/libica-3.8.0-free.patch

From fc5dae7936d7182692d80fce8502abf6f3937046 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Fri, 9 Jul 2021 09:38:19 +0200
Subject: [PATCH] buffer must be freed with OPENSSL_free()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OPENSSL_hexstr2buf() allocates the output buffer using OPENSSL_malloc()
and it means the buffer must be freed with OPENSSL_free(). Usually it's
not a problem, but an application can pass its own malloc/free
implementation to OpenSSL and the allocation/de-allocation functions must
match.

With ibmca engine installed and configured we have experienced a crash
in DNS related tools (host, dig, ...) in RHEL, because they provide
their own malloc/free.

[root@ibm-z-110 ~]# gdb /usr/bin/host
GNU gdb (GDB) Red Hat Enterprise Linux 8.2-15.el8
(gdb) set args localhost
(gdb) run
Starting program: /usr/bin/host localhost
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x3fffc67f910 (LWP 65794)]
[New Thread 0x3fffbe7e910 (LWP 65795)]
[New Thread 0x3fffb67d910 (LWP 65796)]
free(): invalid pointer

Thread 1 "host" received signal SIGABRT, Aborted.
0x000003fffccbe9e4 in raise () from /lib64/libc.so.6
(gdb) where
0  0x000003fffccbe9e4 in raise () from /lib64/libc.so.6
1  0x000003fffcca3218 in abort () from /lib64/libc.so.6
2  0x000003fffcd0279c in __libc_message () from /lib64/libc.so.6
3  0x000003fffcd0a348 in malloc_printerr () from /lib64/libc.so.6
4  0x000003fffcd0bd2a in _int_free () from /lib64/libc.so.6
5  0x000003fffada7d9c in compute_file_hmac (hmaclen=<optimized out>, buf=<optimized out>, path=<optimized out>) at fips.c:291
6  FIPSCHECK_verify (path=<optimized out>) at fips.c:333
7  fips_lib_integrity_check () at fips.c:417
8  0x000003fffadaa070 in fips_powerup_tests () at fips.c:460
9  0x000003fffad89ea4 in icainit () at init.c:97
10 0x000003fffdf9028e in call_init.part () from /lib/ld64.so.1
11 0x000003fffdf9039c in _dl_init () from /lib/ld64.so.1
12 0x000003fffcdbfc98 in _dl_catch_exception () from /lib64/libc.so.6
13 0x000003fffdf94bc6 in dl_open_worker () from /lib/ld64.so.1
14 0x000003fffcdbfc1e in _dl_catch_exception () from /lib64/libc.so.6
15 0x000003fffdf94364 in _dl_open () from /lib/ld64.so.1
16 0x000003fffd30114e in dlopen_doit () from /lib64/libdl.so.2
17 0x000003fffcdbfc1e in _dl_catch_exception () from /lib64/libc.so.6
18 0x000003fffcdbfd36 in _dl_catch_error () from /lib64/libc.so.6
19 0x000003fffd301910 in _dlerror_run () from /lib64/libdl.so.2
20 0x000003fffd3011d8 in dlopen@@GLIBC_2.2 () from /lib64/libdl.so.2
21 0x000003fffdf05f70 in ibmca_init () from /usr/lib64/engines-1.1/ibmca.so
22 0x000003fffd50dcbe in engine_unlocked_init () from /lib64/libcrypto.so.1.1
23 0x000003fffd50de4e in ENGINE_init () from /lib64/libcrypto.so.1.1
24 0x000003fffd50bfae in int_engine_init () from /lib64/libcrypto.so.1.1
25 0x000003fffd50c406 in int_engine_module_init () from /lib64/libcrypto.so.1.1
26 0x000003fffd4d21ec in CONF_modules_load () from /lib64/libcrypto.so.1.1
27 0x000003fffd4d2850 in CONF_modules_load_file () from /lib64/libcrypto.so.1.1
28 0x000003fffde2b02c in dst.openssl_init () from /lib64/libdns.so.1112
29 0x000003fffde32b54 in dst_lib_init2 () from /lib64/libdns.so.1112
30 0x000002aa0000f728 in setup_libs ()
31 0x000002aa00009bfa in main ()

Signed-off-by: Dan Horák <dan@danny.cz>
---
 src/fips.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fips.c b/src/fips.c
index c1ebee5..35767e2 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -288,7 +288,7 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
 	if (pkey != NULL)
 		EVP_PKEY_free(pkey);
 
-	free(keybuf);
+	OPENSSL_free(keybuf);
 	EVP_MD_CTX_destroy(mdctx);
 	if (fp)
 		fclose(fp);