From ba8cc20c2b58c184e18f4918908a1e8cc2e85c5c Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 1 Aug 2018 10:21:12 +0200
Subject: [PATCH] Add patch to fix unwanted closing of FD 0

---
 ...ix_kcapi_handle_destroy_closing_FD_0.patch | 33 +++++++++++++++++++
 libkcapi.spec                                 |  6 +++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch

diff --git a/libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch b/libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
new file mode 100644
index 0000000..220ba6d
--- /dev/null
+++ b/libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
@@ -0,0 +1,33 @@
+From b2e9360dab74de1ffcb8527610e88b0da87c701e Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Mon, 30 Jul 2018 17:17:59 +0200
+Subject: [PATCH] lib: Fix _kcapi_handle_destroy() closing FD 0
+
+The kcapi_handle structure is initialized with zeroes at allocation.
+However, since it contains several file descriptor variables, it may
+happen that _kcapi_handle_destroy() is executed while some of these are
+set to 0, causing an unwanted call to close(0).
+
+This patch prevents it by initializing all FD variables to -1 right
+after handle allocation.
+---
+ lib/kcapi-kernel-if.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
+index 595ce68..dfa94b4 100644
+--- a/lib/kcapi-kernel-if.c
++++ b/lib/kcapi-kernel-if.c
+@@ -1146,6 +1146,12 @@ int _kcapi_handle_init(struct kcapi_handle **caller, const char *type,
+ 
+ 	handle->tfm = tfm;
+ 
++	/* Initialize all fd vars to -1 to avoid unwanted close(0) */
++	handle->pipes[0] = -1;
++	handle->pipes[1] = -1;
++	handle->opfd = -1;
++	handle->aio.efd = -1;
++
+ 	ret = _kcapi_handle_init_tfm(handle, type, ciphername);
+ 	if (ret)
+ 		goto err;
diff --git a/libkcapi.spec b/libkcapi.spec
index e8ca0a9..04ea48a 100644
--- a/libkcapi.spec
+++ b/libkcapi.spec
@@ -92,7 +92,7 @@ bin/kcapi-hasher -n fipshmac -d "$lib_path"/fipscheck            \\\
 
 Name:           libkcapi
 Version:        %{vmajor}.%{vminor}.%{vpatch}
-Release:        10%{?dist}
+Release:        11%{?dist}
 Summary:        User space interface to the Linux Kernel Crypto API
 
 License:        BSD or GPLv2
@@ -108,6 +108,7 @@ Patch4:         %{giturl}/commit/a10e5ff7f8f69e1ed5cd4151f3e71f4783c40c68.patch#
 Patch5:         %{giturl}/compare/decf850ab9bb...ec9c36216623.patch#/%{name}-1.1.1-Fix_various_issues_reported_by_Coverity.patch
 Patch6:         %{giturl}/compare/4a1a30f75e70...c9ed6b2c0702.patch#/%{name}-1.1.1-Coverity_PR_follow-up.patch
 Patch7:         %{giturl}/pull/68.patch#/%{name}-1.1.1-test_Fix_AEAD_fuzz_test_for_big-endian_archs.patch
+Patch8:         %{giturl}/pull/70.patch#/%{name}-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
 
 BuildRequires:  clang
 BuildRequires:  coreutils
@@ -421,6 +422,9 @@ popd
 
 
 %changelog
+* Wed Aug 01 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-11
+- Add patch to fix unwanted closing of FD 0
+
 * Tue Jul 31 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-10
 - Remove the kernel headers workaround