Address outstanding coverity issues

Resolves: RHEL-765
2023-07-11 16:30:34 +02:00 · 2023-07-11 16:30:34 +02:00 · 4781c57f7a
commit 4781c57f7a
parent dad41d5eca
2 changed files with 67 additions and 0 deletions
--- a/opensc-0.20.0-reader-removal.patch
+++ b/opensc-0.20.0-reader-removal.patch
@ -2106,3 +2106,68 @@ index 3b61c498..c67212b3 100644
 2.40.1


+From 295f399304644e6b0acde267ac410d0aae4a1aee Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Fri, 24 Apr 2020 10:18:03 +0200
+Subject: [PATCH] reader-pcsc: Avoid use after free (CID 355473)
+
+---
+ src/libopensc/reader-pcsc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libopensc/reader-pcsc.c b/src/libopensc/reader-pcsc.c
+index 34dc821bf..b3da6fc88 100644
+--- a/src/libopensc/reader-pcsc.c
+++ b/src/libopensc/reader-pcsc.c
+@@ -2550,10 +2550,10 @@ int pcsc_use_reader(sc_context_t *ctx, void * pcsc_context_handle, void * pcsc_c
+ 			priv->pcsc_card = card_handle;
+ 			detect_protocol(reader, card_handle);
+ 			detect_reader_features(reader, card_handle);
+			gpriv->attached_reader = reader;
+ 		} else {
+ 			_sc_delete_reader(ctx, reader);
+ 		}
+-		gpriv->attached_reader = reader;
+ 	}
+ 
+ out:
+-- 
+2.41.0
+
+From ca01aa7a8edc8280a5ceadebb472c2e3c198d8c2 Mon Sep 17 00:00:00 2001
+From: Peter Popovec <popovec.peter@gmail.com>
+Date: Thu, 20 Jan 2022 12:26:19 +0100
+Subject: [PATCH] Coverity Scan fix, CID 374840: Null pointer dereferences 
+ (REVERSE_INULL)
+
+	modified:   src/pkcs11/slot.c
+---
+ src/pkcs11/slot.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/pkcs11/slot.c b/src/pkcs11/slot.c
+index ea8a3ac2a..86cb3b884 100644
+--- a/src/pkcs11/slot.c
+++ b/src/pkcs11/slot.c
+@@ -69,15 +69,17 @@ static struct sc_pkcs11_slot * reader_reclaim_slot(sc_reader_t *reader)
+ 	CK_UTF8CHAR slotDescription[64];
+ 	CK_UTF8CHAR manufacturerID[32];
+ 
+	if (reader == NULL)
+		return NULL;
+ 	strcpy_bp(slotDescription, reader->name, 64);
+ 	strcpy_bp(manufacturerID, reader->vendor, 32);
+ 
+ 	/* Locate a slot related to the reader */
+ 	for (i = 0; i<list_size(&virtual_slots); i++) {
+ 		sc_pkcs11_slot_t *slot = (sc_pkcs11_slot_t *) list_get_at(&virtual_slots, i);
+ 		if (slot->reader == reader)
+ 			return slot;
+-		if (slot->reader == NULL && reader != NULL
+		if (slot->reader == NULL
+ 				&& 0 == memcmp(slot->slot_info.slotDescription, slotDescription, 64)
+ 				&& 0 == memcmp(slot->slot_info.manufacturerID, manufacturerID, 32)
+ 				&& slot->slot_info.hardwareVersion.major == reader->version_major
+-- 
+2.41.0
+
--- a/opensc.spec
+++ b/opensc.spec
@ -51,6 +51,8 @@ Patch18:        opensc-0.20.0-CVE-2023-2977.patch
 # 843779fe6e0f345f483f9ce9c9739913502391eb
 # 7936bdef15c71139a6a6159cabaf9e6101565add
 # 1202eceeefd5ffab45648d41ed0a3076cac10920
+# 295f399304644e6b0acde267ac410d0aae4a1aee
+# ca01aa7a8edc8280a5ceadebb472c2e3c198d8c2
 Patch19:        opensc-0.20.0-reader-removal.patch