From 5353acefcb5eed8cd8a177719cd6dae5abc99cc1 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Thu, 12 Jan 2023 03:26:42 -0500
Subject: [PATCH] import opencryptoki-3.18.0-5.el8_7
---
.../opencryptoki-3.19.0-fix-memory-leak.patch | 33 +++++++++++++++++++
SPECS/opencryptoki.spec | 9 ++++-
2 files changed, 41 insertions(+), 1 deletion(-)
create mode 100644 SOURCES/opencryptoki-3.19.0-fix-memory-leak.patch
diff --git a/SOURCES/opencryptoki-3.19.0-fix-memory-leak.patch b/SOURCES/opencryptoki-3.19.0-fix-memory-leak.patch
new file mode 100644
index 0000000..743b9d7
--- /dev/null
+++ b/SOURCES/opencryptoki-3.19.0-fix-memory-leak.patch
@@ -0,0 +1,33 @@
+commit d5ccb00e52f5b0c66533f085cda36f63f7583d44
+Author: Ingo Franzki
+Date: Tue Jul 19 16:16:55 2022 +0200
+
+ common: fix memory leak in save_private_token_object
+
+ Reported by coverty scan:
+
+ Error: RESOURCE_LEAK (CWE-772):
+ opencryptoki-3.18.0/usr/lib/common/loadsave.c:2311: alloc_fn:
+ Storage is returned from allocation function "fopen".
+ opencryptoki-3.18.0/usr/lib/common/loadsave.c:2311: var_assign:
+ Assigning: "fp" = storage returned from "fopen(fname, "r")".
+ opencryptoki-3.18.0/usr/lib/common/loadsave.c:2316: noescape:
+ Resource "fp" is not freed or pointed-to in "fileno".
+ opencryptoki-3.18.0/usr/lib/common/loadsave.c:2407: overwrite_var:
+ Overwriting "fp" in "fp = fopen(fname, "w")" leaks the storage that "fp" points to.
+
+ Signed-off-by: Ingo Franzki
+
+diff --git a/usr/lib/common/loadsave.c b/usr/lib/common/loadsave.c
+index bbd691c0..91955f47 100644
+--- a/usr/lib/common/loadsave.c
++++ b/usr/lib/common/loadsave.c
+@@ -2344,6 +2344,8 @@ CK_RV save_private_token_object(STDLL_TokData_t *tokdata, OBJECT *obj)
+ /* New token objects files created by mkstemp have a size of zero */
+ if (sb.st_size == 0) {
+ new = 1;
++ fclose(fp);
++ fp = NULL;
+ goto do_work;
+ }
+
diff --git a/SPECS/opencryptoki.spec b/SPECS/opencryptoki.spec
index 42d72c7..95df1f7 100644
--- a/SPECS/opencryptoki.spec
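Review bot: The added `fclose(fp); fp = NULL;` releases the read-only stream only on the `sb.st_size == 0` path, while the Coverity trace quoted in the commit message places the overwrite at the later `fp = fopen(fname, "w")`; any other path that reaches `do_work` with `fp` still open would leak the same way, so this should be confirmed against the whole function, since `save_private_token_object` starts and ends outside this hunk. A short comment would tell the next reader why a stream that was just opened is closed before the jump, e.g. `/* fp was opened read-only only to fstat it; do_work reopens fname for writing */`. Ignoring the `fclose` return is acceptable for a stream that was never written to, and nulling `fp` lets any guarded cleanup later in the function skip it. The spec changelog on this page ties the leak to C_GenerateKeyPair() failing after more than 500 keys, which reads like descriptor exhaustion under a long-running token process, so the fix is worth a regression test that saves many private token objects in one process.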
+++ b/SPECS/opencryptoki.spec
@@ -1,7 +1,7 @@
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
 Version: 3.18.0
-Release: 3%{?dist}
+Release: 5%{?dist}
 License: CPL
 Group: System Environment/Base
 URL: https://github.com/opencryptoki/opencryptoki
@@ -15,6 +15,7 @@ Patch2: opencryptoki-3.18.0-p11sak.patch
 # upstream patches
 Patch100: opencryptoki-3.18.0-fix-json-output.patch
 Patch102: opencryptoki-3.18.0-returning_CKR_BUFFER_TOO_SMALL.patch
+Patch103: opencryptoki-3.19.0-fix-memory-leak.patch
 Requires(pre): coreutils diffutils
 Requires: (selinux-policy >= 3.14.3-70 if selinux-policy-targeted)
@@ -365,6 +366,12 @@ fi
 %changelog
+* Thu Oct 20 2022 Than Ngo - 3.18.0-5
+- Related: #2129059, rebased the patch
+
+* Wed Oct 19 2022 Than Ngo - 3.18.0-4
+- Resolves: #2129059, C_GenerateKeyPair() fails after generating > 500 RSA keys with CEX7 crypto cards
+
 * Mon Aug 01 2022 Than Ngo - 3.18.0-3
 - Related: #2043854, do not touch opencryptoki.conf if it is in place already and even if it is unchanged
 - Resolves: #2112785, EP11: Fix C_GetMechanismList returning CKR_BUFFER_TOO_SMALL
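Review bot: `Patch103:` is declared in the second hunk but the commit adds no line that applies it — the diffstat's eight spec insertions are exactly the Release bump, this line and the six changelog lines — and `%prep` is outside the hunks. If %prep applies patches with explicit `%patchN` lines rather than `%autosetup -p1`/`%autopatch`, Patch103 is never applied and 3.18.0-5 ships without the fd-leak fix the changelog entry says it resolves; confirm against %prep, or add `%patch103 -p1` beside the existing application lines if that is the convention. The file name `opencryptoki-3.19.0-fix-memory-leak.patch` against Version 3.18.0 matches the "rebased the patch" changelog note, but it is worth recording that rebase in the patch file's own header so the next rebase knows it is not the verbatim upstream commit.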