diff --git a/openssl-pkcs11-0.4.10-coverity.patch b/openssl-pkcs11-0.4.10-coverity.patch
new file mode 100644
index 0000000..7511d0d
--- /dev/null
+++ b/openssl-pkcs11-0.4.10-coverity.patch
@@ -0,0 +1,44 @@
+From 1492020acd161ad4ba75be87041ebdecde77f54b Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Tue, 20 Apr 2021 19:07:10 +0200
+Subject: [PATCH] Free memory on errors
+
+Thanks coverity
+---
+ src/p11_cert.c | 4 +++-
+ src/p11_key.c | 4 +++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/p11_cert.c b/src/p11_cert.c
+index 5cc5333..d027441 100644
+--- a/src/p11_cert.c
++++ b/src/p11_cert.c
+@@ -185,8 +185,10 @@ static int pkcs11_init_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
+ tpriv = PRIVTOKEN(token);
+ tmp = OPENSSL_realloc(tpriv->certs,
+ (tpriv->ncerts + 1) * sizeof(PKCS11_CERT));
+- if (!tmp)
++ if (!tmp) {
++ OPENSSL_free(cpriv);
+ return -1;
++ }
+ tpriv->certs = tmp;
+ cert = tpriv->certs + tpriv->ncerts++;
+ memset(cert, 0, sizeof(PKCS11_CERT));
+diff --git a/src/p11_key.c b/src/p11_key.c
+index 494520f..451398a 100644
+--- a/src/p11_key.c
++++ b/src/p11_key.c
+@@ -553,8 +553,10 @@ static int pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
+ return -1;
+ memset(kpriv, 0, sizeof(PKCS11_KEY_private));
+ tmp = OPENSSL_realloc(keys->keys, (keys->num + 1) * sizeof(PKCS11_KEY));
+- if (!tmp)
++ if (!tmp) {
++ OPENSSL_free(kpriv);
+ return -1;
++ }
+ keys->keys = tmp;
+ key = keys->keys + keys->num++;
+ memset(key, 0, sizeof(PKCS11_KEY));
+
diff --git a/openssl-pkcs11.spec b/openssl-pkcs11.spec
index 7fe17eb..854e498 100644
--- a/openssl-pkcs11.spec
+++ b/openssl-pkcs11.spec
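Review bot: The added `OPENSSL_free(cpriv)` and `OPENSSL_free(kpriv)` cover only the realloc-failure exit, and neither embedded hunk shows where the private struct is attached to the new array slot, so the ownership hand-over cannot be checked from here. Both pkcs11_init_cert and pkcs11_init_key begin before and continue past the visible lines. If any early return remains between `tpriv->ncerts++` / `keys->num++` and the point where the slot takes the pointer, the same leak would persist there, so that is worth confirming against the full source. A one-line ownership comment at each site would make the invariant explicit, e.g. `/* cpriv is not yet attached to a cert slot; release it before bailing out */`, with the matching wording for `kpriv`.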
@@ -13,6 +13,9 @@ Source0: https://github.com/OpenSC/libp11/releases/download/libp11-%{vers # Downstream only for now to make RSA operations working in FIPS mode Patch4: openssl-pkcs11-0.4.10-set-rsa-fips-method-flag.patch +# Coverity issues +# https://github.com/OpenSC/libp11/pull/400 +Patch5: openssl-pkcs11-0.4.10-coverity.patch BuildRequires: make BuildRequires: autoconf automake libtool