From 085c8e15f92468991790bceb3de88b4a0de886f8 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 30 Apr 2021 20:57:03 +0200
Subject: [PATCH] Fix coverity issues

Resolves: rhbz#1938833
---
 openssl-pkcs11-0.4.10-coverity.patch | 44 ++++++++++++++++++++++++++++
 openssl-pkcs11.spec                  |  8 ++++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 openssl-pkcs11-0.4.10-coverity.patch

diff --git a/openssl-pkcs11-0.4.10-coverity.patch b/openssl-pkcs11-0.4.10-coverity.patch
new file mode 100644
index 0000000..7511d0d
--- /dev/null
+++ b/openssl-pkcs11-0.4.10-coverity.patch
@@ -0,0 +1,44 @@
+From 1492020acd161ad4ba75be87041ebdecde77f54b Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 20 Apr 2021 19:07:10 +0200
+Subject: [PATCH] Free memory on errors
+
+Thanks coverity
+---
+ src/p11_cert.c | 4 +++-
+ src/p11_key.c  | 4 +++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/p11_cert.c b/src/p11_cert.c
+index 5cc5333..d027441 100644
+--- a/src/p11_cert.c
++++ b/src/p11_cert.c
+@@ -185,8 +185,10 @@ static int pkcs11_init_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
+ 	tpriv = PRIVTOKEN(token);
+ 	tmp = OPENSSL_realloc(tpriv->certs,
+ 		(tpriv->ncerts + 1) * sizeof(PKCS11_CERT));
+-	if (!tmp)
++	if (!tmp) {
++		OPENSSL_free(cpriv);
+ 		return -1;
++	}
+ 	tpriv->certs = tmp;
+ 	cert = tpriv->certs + tpriv->ncerts++;
+ 	memset(cert, 0, sizeof(PKCS11_CERT));
+diff --git a/src/p11_key.c b/src/p11_key.c
+index 494520f..451398a 100644
+--- a/src/p11_key.c
++++ b/src/p11_key.c
+@@ -553,8 +553,10 @@ static int pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
+ 		return -1;
+ 	memset(kpriv, 0, sizeof(PKCS11_KEY_private));
+ 	tmp = OPENSSL_realloc(keys->keys, (keys->num + 1) * sizeof(PKCS11_KEY));
+-	if (!tmp)
++	if (!tmp) {
++		OPENSSL_free(kpriv);
+ 		return -1;
++	}
+ 	keys->keys = tmp;
+ 	key = keys->keys + keys->num++;
+ 	memset(key, 0, sizeof(PKCS11_KEY));
+
diff --git a/openssl-pkcs11.spec b/openssl-pkcs11.spec
index 2127e20..8d7fbf1 100644
--- a/openssl-pkcs11.spec
+++ b/openssl-pkcs11.spec
@@ -1,5 +1,5 @@
 Version: 0.4.11
-Release: 3%{?dist}
+Release: 4%{?dist}
 
 # Define the directory where the OpenSSL engines are installed
 %global enginesdir %{_libdir}/engines-1.1
@@ -13,6 +13,9 @@ Source0:        https://github.com/OpenSC/libp11/releases/download/libp11-%{vers
 
 # Downstream only for now to make RSA operations working in FIPS mode
 Patch4:         openssl-pkcs11-0.4.10-set-rsa-fips-method-flag.patch
+# Coverity issues
+# https://github.com/OpenSC/libp11/pull/400
+Patch5:         openssl-pkcs11-0.4.10-coverity.patch
 
 BuildRequires: make
 BuildRequires:  autoconf automake libtool
@@ -113,6 +116,9 @@ make check %{?_smp_mflags} || if [ $? -ne 0 ]; then cat tests/*.log; exit 1; fi;
 %endif
 
 %changelog
+* Fri Apr 30 2021 Jakub Jelen <jjelen@redhat.com> - 0.4.11-4
+- Fix coverity reported issues
+
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.4.11-3
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937