From 3177526a44d17b2372a68952afc1c0393f3025ed Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 14 Apr 2021 15:01:53 +0200
Subject: [PATCH] Address issues reported by coverity
Resolves: rhbz#1938842
---
 pinentry-1.1.1-coverity.patch | 142 ++++++++++++++++++++++++++++++++++
 pinentry-wrapper | 14 ++--
 pinentry.spec | 11 ++-
 3 files changed, 158 insertions(+), 9 deletions(-)
 create mode 100644 pinentry-1.1.1-coverity.patch
diff --git a/pinentry-1.1.1-coverity.patch b/pinentry-1.1.1-coverity.patch
new file mode 100644
index 0000000..9f10278
--- /dev/null
+++ b/pinentry-1.1.1-coverity.patch
@@ -0,0 +1,142 @@
+commit a87d9e8f89f946a733c756c72bf5ec41e0a738b8
+Author: Jakub Jelen
+Date: Wed Apr 14 15:51:27 2021 +0900
+
+ core,emacs,tty,curses: Fix memory leaks, invalid accese, and mistake.
+
+ * pinentry/pinentry-curses.c (dialog_create): Free NEW.
+ [HAVE_NCURSESW] (dialog_run): Free OLD_CTYPE on error.
+ * pinentry/pinentry.c (pinentry_inq_genpin): Free VALUE on error.
+ * tty/pinentry-tty.c (tty_cmd_handler): Don't access closed FDs.
+ * pinentry/pinentry-emacs.c (set_labels): Fix for ->default_cancel.
+
+ --
+
+ GnuPG-bug-id: 5384
+
Signed-off-by: Jakub Jelen
+
+diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c
+index a3fe2e2..1c3008a 100644
+--- a/pinentry/pinentry-curses.c
++++ b/pinentry/pinentry-curses.c
+@@ -315,6 +315,7 @@ dialog_create (pinentry_t pinentry, dialog_t dialog)
+ } \
+ dialog->which = pinentry_utf8_to_local (pinentry->lc_ctype, \
+ new ? new : default); \
++ free (new); \
+ if (!dialog->which) \
+ { \
+ err = 1; \
+@@ -873,6 +874,9 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
+ {
+ pinentry->specific_err = gpg_error_from_syserror ();
+ pinentry->specific_err_loc = "open_tty_for_read";
++#ifdef HAVE_NCURSESW
++ free (old_ctype);
++#endif
+ return confirm_mode? 0 : -1;
+ }
+ ttyfo = fopen (tty_name, "w");
+@@ -883,6 +887,9 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
+ errno = err;
+ pinentry->specific_err = gpg_error_from_syserror ();
+ pinentry->specific_err_loc = "open_tty_for_write";
++#ifdef HAVE_NCURSESW
++ free (old_ctype);
++#endif
+ return confirm_mode? 0 : -1;
+ }
+ screen = newterm (tty_type, ttyfo, ttyfi);
+@@ -897,6 +904,9 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
+ errno = ENOTTY;
+ pinentry->specific_err = gpg_error_from_syserror ();
+ pinentry->specific_err_loc = "isatty";
++#ifdef HAVE_NCURSESW
++ free (old_ctype);
++#endif
+ return confirm_mode?
0 : -1;
+ }
+ init_screen = 1;
+diff --git a/pinentry/pinentry-emacs.c b/pinentry/pinentry-emacs.c
+index 16ae1c2..9685b67 100644
+--- a/pinentry/pinentry-emacs.c
++++ b/pinentry/pinentry-emacs.c
+@@ -498,7 +498,7 @@ set_labels (pinentry_t pe)
+ set_label (pe, "SETOK", pe->default_ok);
+ if (pe->cancel)
+ set_label (pe, "SETCANCEL", pe->cancel);
+- else if (pe->default_ok)
++ else if (pe->default_cancel)
+ set_label (pe, "SETCANCEL", pe->default_cancel);
+ if (pe->notok)
+ set_label (pe, "SETNOTOK", pe->notok);
+diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c
+index ef81f12..26ec77a 100644
+--- a/pinentry/pinentry.c
++++ b/pinentry/pinentry.c
+@@ -656,6 +656,7 @@ pinentry_inq_genpin (pinentry_t pin)
+ if (rc)
+ {
+ fprintf (stderr, "ASSUAN READ LINE failed: rc=%d\n", rc);
++ free (value);
+ return 0;
+ }
+ }
+diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
+index 403dd60..4a2b67f 100644
+--- a/tty/pinentry-tty.c
++++ b/tty/pinentry-tty.c
+@@ -559,7 +559,7 @@ tty_cmd_handler (pinentry_t pinentry)
+ }
+ }
+
+- if (terminal_save (fileno (ttyfi)) < 0)
++ if (!rc && terminal_save (fileno (ttyfi)) < 0)
+ rc = -1;
+
+ if (! rc)
+commit 75568e8bea256657258f79d3f1a0736198d05b60
+Author: Jakub Jelen
+Date: Wed Apr 14 17:36:17 2021 +0200
+
+ tty: Avoid double fclose
+
+ * tty/pinentry-tty.c (tty_cmd_handler): Avoid double fclose
+
+ --
+
+
Signed-off-by: Jakub Jelen
+
+diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
+index 4a2b67f..63e306f 100644
+--- a/tty/pinentry-tty.c
++++ b/tty/pinentry-tty.c
+@@ -551,9 +551,6 @@ tty_cmd_handler (pinentry_t pinentry)
+ ttyfo = fopen (pinentry->ttyname, "w");
+ if (!ttyfo)
+ {
+- int err = errno;
+- fclose (ttyfi);
+- errno = err;
+ rc = -1;
+ }
+ }
+@@ -562,7 +559,7 @@ tty_cmd_handler (pinentry_t pinentry)
+ if (!rc && terminal_save (fileno (ttyfi)) < 0)
+ rc = -1;
+
+- if (! rc)
++ if (!rc)
+ {
+ if (terminal_setup (fileno (ttyfi), !!pinentry->pin) == -1)
+ {
+@@ -583,7 +583,8 @@ tty_cmd_handler (pinentry_t pinentry)
+ if (pinentry->ttyname)
+ {
+ fclose (ttyfi);
+- fclose (ttyfo);
++ if (ttyfo)
++ fclose (ttyfo);
+ }
+
+ return rc;
diff --git a/pinentry-wrapper b/pinentry-wrapper
index 6dd72c5..e4318df 100755
--- a/pinentry-wrapper
+++ b/pinentry-wrapper
@@ -32,22 +32,20 @@ done # export DISPLAY if pinentry is meant to be run on a different display # check the KDE_FULL_SESSION variable otherwise -if [ -n "$display" -a "$DISPLAY" != "$display" ]; then +if [ -n "$display" ] && [ "$DISPLAY" != "$display" ]; then export DISPLAY="$display" elif [ -n "$KDE_FULL_SESSION" ]; then kde_running=1 - kde_ver="$KDE_SESSION_VERSION" fi # Check for presence of xprop binary type xprop >/dev/null 2>/dev/null XPROP=$? -if [ -n "$DISPLAY" -a $XPROP -eq 0 ]; then +if [ -n "$DISPLAY" ] && [ $XPROP -eq 0 ]; then xprop -root | grep "^KDE_FULL_SESSION" >/dev/null 2>/dev/null if test $? -eq 0; then kde_running=1 - kde_ver="`xprop -root | sed -n 's/KDE_SESSION_VERSION(CARDINAL) = //p'`" 2>/dev/null fi fi
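Review bot: In the embedded tty/pinentry-tty.c hunk at `@@ -583,7 +583,8 @@`, the cleanup guards only `ttyfo`; `fclose (ttyfi);` is still called unconditionally whenever `pinentry->ttyname` is set. The code that opens ttyfi lies outside the hunks, as do the start and end of tty_cmd_handler, but the `!rc &&` guard added before `fileno (ttyfi)` suggests ttyfi may be unusable once rc is -1. If it can be NULL there, the cleanup passes a null pointer to fclose, which is undefined behaviour. Guarding it the same way would close that path: `if (ttyfi) fclose (ttyfi);`. It is also worth confirming that ttyfo cannot still refer to a standard stream when the first open fails, since `if (ttyfo)` would then close that stream.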
@@ -56,19 +54,19 @@ if [ -n "$PINENTRY_BINARY" ]; then export PINENTRY_BINARY="$PINENTRY_BINARY" # if KDE is detected and pinentry-qt exists, use pinentry-qt -elif [ -n "$kde_running" -a -x /usr/bin/pinentry-qt ] +elif [ -n "$kde_running" ] && [ -x /usr/bin/pinentry-qt ] then export PINENTRY_BINARY="/usr/bin/pinentry-qt" # otherwise test if pinentry-gnome3 is installed -elif [ -n "$DISPLAY" -a -x /usr/bin/pinentry-gnome3 ] +elif [ -n "$DISPLAY" ] && [ -x /usr/bin/pinentry-gnome3 ] then export PINENTRY_BINARY="/usr/bin/pinentry-gnome3" # otherwise test if pinentry-gtk-2 is installed -elif [ -n "$DISPLAY" -a -x /usr/bin/pinentry-gtk-2 ] +elif [ -n "$DISPLAY" ] && [ -x /usr/bin/pinentry-gtk-2 ] then export PINENTRY_BINARY="/usr/bin/pinentry-gtk-2" # otherwise test if pinentry-qt exists although KDE is not detected -elif [ -n "$DISPLAY" -a -x /usr/bin/pinentry-qt ] +elif [ -n "$DISPLAY" ] && [ -x /usr/bin/pinentry-qt ] then export PINENTRY_BINARY="/usr/bin/pinentry-qt" # use pinentry-tty if installed
diff --git a/pinentry.spec b/pinentry.spec
index 9a9e29d..e3138e6 100644
--- a/pinentry.spec
+++ b/pinentry.spec
@@ -1,7 +1,7 @@ Name: pinentry Version: 1.1.1 -Release: 3%{?dist} +Release: 5%{?dist} Summary: Collection of simple PIN or passphrase entry dialogs License: GPLv2+
@@ -9,6 +9,8 @@ URL: https://www.gnupg.org/ Source0: https://gnupg.org/ftp/gcrypt/pinentry/%{name}-%{version}.tar.bz2 Source1: https://gnupg.org/ftp/gcrypt/pinentry/%{name}-%{version}.tar.bz2.sig +Patch1: pinentry-1.1.1-coverity.patch + # borrowed from opensuse Source10: pinentry-wrapper
@@ -86,6 +88,7 @@ This package contains the tty version of the PIN entry dialog. %prep %setup -q +%patch1 -p1 -b .coverity %build
@@ -143,6 +146,12 @@ rm -fv $RPM_BUILD_ROOT%{_infodir}/dir %{_bindir}/pinentry-tty %changelog +* Thu Apr 15 2021 Jakub Jelen - 1.1.1-5 +- Address few more minor issues reported by coverity + +* Wed Apr 14 2021 Jakub Jelen - 1.1.1-4 +- Fix issues reported by coverity + * Wed Jan 27 2021 Fedora Release Engineering - 1.1.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild