Address issues reported by coverity

Resolves: rhbz#1938842
2021-04-14 15:01:53 +02:00 · 2021-04-14 15:01:53 +02:00 · 3177526a44
commit 3177526a44
parent 3365f307a0
3 changed files with 158 additions and 9 deletions
--- a/pinentry-1.1.1-coverity.patch
+++ b/pinentry-1.1.1-coverity.patch
@ -0,0 +1,142 @@
 commit a87d9e8f89f946a733c756c72bf5ec41e0a738b8
 Author: Jakub Jelen <jjelen@redhat.com>
 Date:   Wed Apr 14 15:51:27 2021 +0900
    core,emacs,tty,curses: Fix memory leaks, invalid accese, and mistake.
    * pinentry/pinentry-curses.c (dialog_create): Free NEW.
    [HAVE_NCURSESW] (dialog_run): Free OLD_CTYPE on error.
    * pinentry/pinentry.c (pinentry_inq_genpin): Free VALUE on error.
    * tty/pinentry-tty.c (tty_cmd_handler): Don't access closed FDs.
    * pinentry/pinentry-emacs.c (set_labels): Fix for ->default_cancel.
    --
    GnuPG-bug-id: 5384
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c
 index a3fe2e2..1c3008a 100644
 --- a/pinentry/pinentry-curses.c
 +++ b/pinentry/pinentry-curses.c
@@ -315,6 +315,7 @@ dialog_create (pinentry_t pinentry, dialog_t dialog)
         }								\
       dialog->which = pinentry_utf8_to_local (pinentry->lc_ctype,	\
 					      new ? new : default);	\
 +      free (new);							\
       if (!dialog->which)						\
         {								\
 	  err = 1;							\
@@ -873,6 +874,9 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
         {
           pinentry->specific_err = gpg_error_from_syserror ();
           pinentry->specific_err_loc = "open_tty_for_read";
 +#ifdef HAVE_NCURSESW
 +          free (old_ctype);
 +#endif
           return confirm_mode? 0 : -1;
         }
       ttyfo = fopen (tty_name, "w");
@@ -883,6 +887,9 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
 	  errno = err;
           pinentry->specific_err = gpg_error_from_syserror ();
           pinentry->specific_err_loc = "open_tty_for_write";
 +#ifdef HAVE_NCURSESW
 +          free (old_ctype);
 +#endif
 	  return confirm_mode? 0 : -1;
 	}
       screen = newterm (tty_type, ttyfo, ttyfi);
@@ -897,6 +904,9 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
               errno = ENOTTY;
               pinentry->specific_err = gpg_error_from_syserror ();
               pinentry->specific_err_loc = "isatty";
 +#ifdef HAVE_NCURSESW
 +              free (old_ctype);
 +#endif
               return confirm_mode? 0 : -1;
             }
 	  init_screen = 1;
 diff --git a/pinentry/pinentry-emacs.c b/pinentry/pinentry-emacs.c
 index 16ae1c2..9685b67 100644
 --- a/pinentry/pinentry-emacs.c
 +++ b/pinentry/pinentry-emacs.c
@@ -498,7 +498,7 @@ set_labels (pinentry_t pe)
     set_label (pe, "SETOK", pe->default_ok);
   if (pe->cancel)
     set_label (pe, "SETCANCEL", pe->cancel);
 -  else if (pe->default_ok)
 +  else if (pe->default_cancel)
     set_label (pe, "SETCANCEL", pe->default_cancel);
   if (pe->notok)
     set_label (pe, "SETNOTOK", pe->notok);
 diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c
 index ef81f12..26ec77a 100644
 --- a/pinentry/pinentry.c
 +++ b/pinentry/pinentry.c
@@ -656,6 +656,7 @@ pinentry_inq_genpin (pinentry_t pin)
           if (rc)
             {
               fprintf (stderr, "ASSUAN READ LINE failed: rc=%d\n", rc);
 +              free (value);
               return 0;
             }
         }
 diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
 index 403dd60..4a2b67f 100644
 --- a/tty/pinentry-tty.c
 +++ b/tty/pinentry-tty.c
@@ -559,7 +559,7 @@ tty_cmd_handler (pinentry_t pinentry)
         }
     }
 -  if (terminal_save (fileno (ttyfi)) < 0)
 +  if (!rc && terminal_save (fileno (ttyfi)) < 0)
     rc = -1;
   if (! rc)
 commit 75568e8bea256657258f79d3f1a0736198d05b60
 Author: Jakub Jelen <jjelen@redhat.com>
 Date:   Wed Apr 14 17:36:17 2021 +0200
    tty: Avoid double fclose
    * tty/pinentry-tty.c (tty_cmd_handler): Avoid double fclose
    --
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
 index 4a2b67f..63e306f 100644
 --- a/tty/pinentry-tty.c
 +++ b/tty/pinentry-tty.c
@@ -551,9 +551,6 @@ tty_cmd_handler (pinentry_t pinentry)
           ttyfo = fopen (pinentry->ttyname, "w");
           if (!ttyfo)
             {
 -              int err = errno;
 -              fclose (ttyfi);
 -              errno = err;
               rc = -1;
             }
         }
@@ -562,7 +559,7 @@ tty_cmd_handler (pinentry_t pinentry)
   if (!rc && terminal_save (fileno (ttyfi)) < 0)
     rc = -1;
 -  if (! rc)
 +  if (!rc)
     {
       if (terminal_setup (fileno (ttyfi), !!pinentry->pin) == -1)
         {
@@ -583,7 +583,8 @@ tty_cmd_handler (pinentry_t pinentry)
   if (pinentry->ttyname)
     {
       fclose (ttyfi);
 -      fclose (ttyfo);
 +      if (ttyfo)
 +        fclose (ttyfo);
     }
   return rc;
--- a/14
+++ b/14
@ -32,22 +32,20 @@ done
 # export DISPLAY if pinentry is meant to be run on a different display
 # check the KDE_FULL_SESSION variable otherwise
-if [ -n "$display" -a "$DISPLAY" != "$display" ]; then
+if [ -n "$display" ] && [ "$DISPLAY" != "$display" ]; then
    export DISPLAY="$display"
 elif [ -n "$KDE_FULL_SESSION" ]; then
    kde_running=1
    kde_ver="$KDE_SESSION_VERSION"
 fi
 # Check for presence of xprop binary
 type xprop >/dev/null 2>/dev/null
 XPROP=$?
-if [ -n "$DISPLAY" -a $XPROP -eq 0 ]; then
+if [ -n "$DISPLAY" ] && [ $XPROP -eq 0 ]; then
    xprop -root | grep "^KDE_FULL_SESSION" >/dev/null 2>/dev/null
    if test $? -eq 0; then
        kde_running=1
        kde_ver="`xprop -root | sed -n 's/KDE_SESSION_VERSION(CARDINAL) = //p'`" 2>/dev/null
    fi
 fi
@ -56,19 +54,19 @@ if [ -n "$PINENTRY_BINARY" ];
 then
 	export PINENTRY_BINARY="$PINENTRY_BINARY"
 # if KDE is detected and pinentry-qt exists, use pinentry-qt
-elif [ -n "$kde_running" -a -x /usr/bin/pinentry-qt ]
+elif [ -n "$kde_running" ] && [ -x /usr/bin/pinentry-qt ]
 then
 	export PINENTRY_BINARY="/usr/bin/pinentry-qt"
 # otherwise test if pinentry-gnome3 is installed
-elif [ -n "$DISPLAY" -a -x /usr/bin/pinentry-gnome3 ]
+elif [ -n "$DISPLAY" ] && [ -x /usr/bin/pinentry-gnome3 ]
 then
 	export PINENTRY_BINARY="/usr/bin/pinentry-gnome3"
 # otherwise test if pinentry-gtk-2 is installed
-elif [ -n "$DISPLAY" -a -x /usr/bin/pinentry-gtk-2 ]
+elif [ -n "$DISPLAY" ] && [ -x /usr/bin/pinentry-gtk-2 ]
 then
 	export PINENTRY_BINARY="/usr/bin/pinentry-gtk-2"
 # otherwise test if pinentry-qt exists although KDE is not detected
-elif [ -n "$DISPLAY" -a -x /usr/bin/pinentry-qt ]
+elif [ -n "$DISPLAY" ] && [ -x /usr/bin/pinentry-qt ]
 then
 	export PINENTRY_BINARY="/usr/bin/pinentry-qt"
 # use pinentry-tty if installed
--- a/pinentry.spec
+++ b/pinentry.spec
@ -1,7 +1,7 @@
 Name:    pinentry
 Version: 1.1.1
-Release: 3%{?dist}
+Release: 5%{?dist}
 Summary: Collection of simple PIN or passphrase entry dialogs
 License: GPLv2+
@ -9,6 +9,8 @@ URL:     https://www.gnupg.org/
 Source0: https://gnupg.org/ftp/gcrypt/pinentry/%{name}-%{version}.tar.bz2
 Source1: https://gnupg.org/ftp/gcrypt/pinentry/%{name}-%{version}.tar.bz2.sig
 Patch1: pinentry-1.1.1-coverity.patch
 # borrowed from opensuse
 Source10: pinentry-wrapper
@ -86,6 +88,7 @@ This package contains the tty version of the PIN entry dialog.
 %prep
 %setup -q
 %patch1 -p1 -b .coverity
 %build
@ -143,6 +146,12 @@ rm -fv $RPM_BUILD_ROOT%{_infodir}/dir
 %{_bindir}/pinentry-tty
 %changelog
 * Thu Apr 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.1.1-5
 - Address few more minor issues reported by coverity
 * Wed Apr 14 2021 Jakub Jelen <jjelen@redhat.com> - 1.1.1-4
 - Fix issues reported by coverity
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild