- Fix resource leak
Related: RHEL-50064
This commit is contained in:
Than Ngo
parent
22ada1251f
commit
d7abf1aa7d
75
opencryptoki-3.24.0-resource-leaks.patch
Normal file
75
opencryptoki-3.24.0-resource-leaks.patch
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
commit 66a18ffa057565b6bf292e50969ea27ce33b394c
|
||||||
|
Author: Than Ngo <than@redhat.com>
|
||||||
|
Date: Tue Oct 29 13:41:23 2024 +0100
|
||||||
|
|
||||||
|
Fix resource leak
|
||||||
|
|
||||||
|
1. Defect type: RESOURCE_LEAK
|
||||||
|
4. opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:740:5: alloc_fn: Storage is returned from allocation function "malloc".
|
||||||
|
5. opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:740:5: var_assign: Assigning: "new_key->opaque_attr" = storage returned from "malloc(attrs[0].ulValueLen)".
|
||||||
|
7. opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:748:5: noescape: Resource "new_key->opaque_attr" is not freed or pointed-to in "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
||||||
|
9. opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:752:9: leaked_storage: Freeing "new_key" without freeing its pointer field "opaque_attr" leaks the storage that "opaque_attr" points to.
|
||||||
|
750| if (!new_key->label) {
|
||||||
|
751| print_error("Malloc of %lu bytes failed!", attrs[2].ulValueLen + 1);
|
||||||
|
752|-> free(new_key);
|
||||||
|
753| return 2;
|
||||||
|
754| }
|
||||||
|
|
||||||
|
2. Defect type: RESOURCE_LEAK
|
||||||
|
15. opencryptoki-3.24.0/usr/lib/common/mech_ec.c:1140:5: alloc_arg: "object_mgr_create_skel" allocates memory that is stored into "temp_obj".
|
||||||
|
21. opencryptoki-3.24.0/usr/lib/common/mech_ec.c:1182:5: leaked_storage: Variable "temp_obj" going out of scope leaks the storage it points to.
|
||||||
|
1180| free(derived_key);
|
||||||
|
1181|
|
||||||
|
1182|-> return rc;
|
||||||
|
1183| }
|
||||||
|
1184|
|
||||||
|
|
||||||
|
Signed-off-by: Than Ngo <than@redhat.com>
|
||||||
|
|
||||||
|
diff --git a/usr/lib/common/mech_dh.c b/usr/lib/common/mech_dh.c
|
||||||
|
index b59ed852..79ac5b4d 100644
|
||||||
|
--- a/usr/lib/common/mech_dh.c
|
||||||
|
+++ b/usr/lib/common/mech_dh.c
|
||||||
|
@@ -124,6 +124,8 @@ CK_RV dh_pkcs_derive(STDLL_TokData_t *tokdata,
|
||||||
|
if (rc != CKR_OK) {
|
||||||
|
TRACE_ERROR("template_update_attribute failed\n");
|
||||||
|
free(new_attr);
|
||||||
|
+ object_free(temp_obj);
|
||||||
|
+ temp_obj = NULL;
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/usr/lib/common/mech_ec.c b/usr/lib/common/mech_ec.c
|
||||||
|
index be8f5218..b062dbfb 100644
|
||||||
|
--- a/usr/lib/common/mech_ec.c
|
||||||
|
+++ b/usr/lib/common/mech_ec.c
|
||||||
|
@@ -1152,6 +1152,8 @@ CK_RV ecdh_pkcs_derive(STDLL_TokData_t *tokdata, SESSION *sess,
|
||||||
|
TRACE_ERROR("template_update_attribute failed\n");
|
||||||
|
free(value_attr);
|
||||||
|
free(vallen_attr);
|
||||||
|
+ object_free(temp_obj);
|
||||||
|
+ temp_obj = NULL;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1160,6 +1162,8 @@ CK_RV ecdh_pkcs_derive(STDLL_TokData_t *tokdata, SESSION *sess,
|
||||||
|
if (rc != CKR_OK) {
|
||||||
|
TRACE_ERROR("template_update_attribute failed\n");
|
||||||
|
free(vallen_attr);
|
||||||
|
+ object_free(temp_obj);
|
||||||
|
+ temp_obj = NULL;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/usr/sbin/pkcscca/pkcscca.c b/usr/sbin/pkcscca/pkcscca.c
|
||||||
|
index ffbe3311..a3756c14 100644
|
||||||
|
--- a/usr/sbin/pkcscca/pkcscca.c
|
||||||
|
+++ b/usr/sbin/pkcscca/pkcscca.c
|
||||||
|
@@ -749,6 +749,7 @@ int add_key(CK_OBJECT_HANDLE handle, CK_ATTRIBUTE *attrs, struct key **keys)
|
||||||
|
new_key->label = malloc(attrs[2].ulValueLen + 1);
|
||||||
|
if (!new_key->label) {
|
||||||
|
print_error("Malloc of %lu bytes failed!", attrs[2].ulValueLen + 1);
|
||||||
|
+ free(new_key->opaque_attr);
|
||||||
|
free(new_key);
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
@ -1,14 +1,16 @@
|
|||||||
Name: opencryptoki
|
Name: opencryptoki
|
||||||
Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
|
Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
|
||||||
Version: 3.24.0
|
Version: 3.24.0
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: CPL-1.0
|
License: CPL-1.0
|
||||||
URL: https://github.com/opencryptoki/opencryptoki
|
URL: https://github.com/opencryptoki/opencryptoki
|
||||||
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||||
# fix install problem in buildroot
|
# fix install problem in buildroot
|
||||||
Patch1: opencryptoki-3.24.0-p11sak.patch
|
Patch1: opencryptoki-3.24.0-p11sak.patch
|
||||||
|
|
||||||
# upstream patches
|
# upstream patches
|
||||||
Patch2: opencryptoki-3.24.0-compile-error-due-to-incompatible-pointer-types.patch
|
Patch2: opencryptoki-3.24.0-compile-error-due-to-incompatible-pointer-types.patch
|
||||||
|
Patch3: opencryptoki-3.24.0-resource-leaks.patch
|
||||||
|
|
||||||
Requires(pre): coreutils
|
Requires(pre): coreutils
|
||||||
Requires: (selinux-policy >= 38.1.14-1 if selinux-policy-targeted)
|
Requires: (selinux-policy >= 38.1.14-1 if selinux-policy-targeted)
|
||||||
@ -347,6 +349,10 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Nov 07 2024 Than Ngo <than@redhat.com> - 3.24.0-2
|
||||||
|
- Fix resource leak
|
||||||
|
Related: RHEL-50064
|
||||||
|
|
||||||
* Tue Oct 22 2024 Than Ngo <than@redhat.com> - 3.24.0-1
|
* Tue Oct 22 2024 Than Ngo <than@redhat.com> - 3.24.0-1
|
||||||
- Resolves: RHEL-50064, update to 3.24.0
|
- Resolves: RHEL-50064, update to 3.24.0
|
||||||
- Resolves: RHEL-50063, opencryptoki CCA Token support for x86_64 and ppc64le
|
- Resolves: RHEL-50063, opencryptoki CCA Token support for x86_64 and ppc64le
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user