From c3a25e79044d8a700e5804fd31288c0cd99ac354 Mon Sep 17 00:00:00 2001
From: Than Ngo <than@redhat.com>
Date: Thu, 7 Nov 2024 13:00:34 +0100
Subject: [PATCH] - Fix resource leak

Related: RHEL-58996
---
 opencryptoki-3.24.0-resource-leaks.patch | 75 ++++++++++++++++++++++++
 opencryptoki.spec                        |  8 ++-
 2 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 opencryptoki-3.24.0-resource-leaks.patch

diff --git a/opencryptoki-3.24.0-resource-leaks.patch b/opencryptoki-3.24.0-resource-leaks.patch
new file mode 100644
index 0000000..f0c2598
--- /dev/null
+++ b/opencryptoki-3.24.0-resource-leaks.patch
@@ -0,0 +1,75 @@
+commit 66a18ffa057565b6bf292e50969ea27ce33b394c
+Author: Than Ngo <than@redhat.com>
+Date:   Tue Oct 29 13:41:23 2024 +0100
+
+    Fix resource leak
+    
+    1. Defect type: RESOURCE_LEAK
+      4. opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:740:5: alloc_fn: Storage is returned from allocation function "malloc".
+      5. opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:740:5: var_assign: Assigning: "new_key->opaque_attr" = storage returned from "malloc(attrs[0].ulValueLen)".
+      7. opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:748:5: noescape: Resource "new_key->opaque_attr" is not freed or pointed-to in "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
+      9. opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:752:9: leaked_storage: Freeing "new_key" without freeing its pointer field "opaque_attr" leaks the storage that "opaque_attr" points to.
+       750|       if (!new_key->label) {
+       751|           print_error("Malloc of %lu bytes failed!", attrs[2].ulValueLen + 1);
+       752|->         free(new_key);
+       753|           return 2;
+       754|       }
+    
+    2. Defect type: RESOURCE_LEAK
+       15. opencryptoki-3.24.0/usr/lib/common/mech_ec.c:1140:5: alloc_arg: "object_mgr_create_skel" allocates memory that is stored into "temp_obj".
+       21. opencryptoki-3.24.0/usr/lib/common/mech_ec.c:1182:5: leaked_storage: Variable "temp_obj" going out of scope leaks the storage it points to.
+         1180|       free(derived_key);
+         1181|
+         1182|->     return rc;
+         1183|   }
+         1184|
+    
+    Signed-off-by: Than Ngo <than@redhat.com>
+
+diff --git a/usr/lib/common/mech_dh.c b/usr/lib/common/mech_dh.c
+index b59ed852..79ac5b4d 100644
+--- a/usr/lib/common/mech_dh.c
++++ b/usr/lib/common/mech_dh.c
+@@ -124,6 +124,8 @@ CK_RV dh_pkcs_derive(STDLL_TokData_t *tokdata,
+     if (rc != CKR_OK) {
+         TRACE_ERROR("template_update_attribute failed\n");
+         free(new_attr);
++        object_free(temp_obj);
++        temp_obj = NULL;
+         return rc;
+     }
+ 
+diff --git a/usr/lib/common/mech_ec.c b/usr/lib/common/mech_ec.c
+index be8f5218..b062dbfb 100644
+--- a/usr/lib/common/mech_ec.c
++++ b/usr/lib/common/mech_ec.c
+@@ -1152,6 +1152,8 @@ CK_RV ecdh_pkcs_derive(STDLL_TokData_t *tokdata, SESSION *sess,
+         TRACE_ERROR("template_update_attribute failed\n");
+         free(value_attr);
+         free(vallen_attr);
++        object_free(temp_obj);
++        temp_obj = NULL;
+         goto end;
+     }
+ 
+@@ -1160,6 +1162,8 @@ CK_RV ecdh_pkcs_derive(STDLL_TokData_t *tokdata, SESSION *sess,
+         if (rc != CKR_OK) {
+             TRACE_ERROR("template_update_attribute failed\n");
+             free(vallen_attr);
++            object_free(temp_obj);
++            temp_obj = NULL;
+             goto end;
+         }
+     }
+diff --git a/usr/sbin/pkcscca/pkcscca.c b/usr/sbin/pkcscca/pkcscca.c
+index ffbe3311..a3756c14 100644
+--- a/usr/sbin/pkcscca/pkcscca.c
++++ b/usr/sbin/pkcscca/pkcscca.c
+@@ -749,6 +749,7 @@ int add_key(CK_OBJECT_HANDLE handle, CK_ATTRIBUTE *attrs, struct key **keys)
+     new_key->label = malloc(attrs[2].ulValueLen + 1);
+     if (!new_key->label) {
+         print_error("Malloc of %lu bytes failed!", attrs[2].ulValueLen + 1);
++        free(new_key->opaque_attr);
+         free(new_key);
+         return 2;
+     }
diff --git a/opencryptoki.spec b/opencryptoki.spec
index 247f212..289c66e 100644
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@@ -1,15 +1,17 @@
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
 Version: 3.24.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: CPL-1.0
 URL: https://github.com/opencryptoki/opencryptoki
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1: opencryptoki.module
 # fix install problem in buildroot
 Patch1: opencryptoki-3.24.0-p11sak.patch
+
 # upstream patches
 Patch2: opencryptoki-3.24.0-compile-error-due-to-incompatible-pointer-types.patch
+Patch3: opencryptoki-3.24.0-resource-leaks.patch
 
 Requires(pre): coreutils
 Requires: (selinux-policy >= 34.9-1 if selinux-policy-targeted)
@@ -348,6 +350,10 @@ fi
 
 
 %changelog
+* Thu Nov 07 2024 Than Ngo <than@redhat.com> - 3.24.0-3
+- Fix resource leak
+  Related: RHEL-58996
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.24.0-2
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018