From bbac9eb1833dc0cb98123d159e2ff7e5dcff945e Mon Sep 17 00:00:00 2001
From: Jiri Kucera <jkucera@redhat.com>
Date: Wed, 31 Mar 2021 12:03:54 +0200
Subject: [PATCH] Fix resource leaks

---
 volume_key-0.3.12-fix_resource_leaks.patch | 59 ++++++++++++++++++++++
 volume_key.spec                            |  9 +++-
 2 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 volume_key-0.3.12-fix_resource_leaks.patch

diff --git a/volume_key-0.3.12-fix_resource_leaks.patch b/volume_key-0.3.12-fix_resource_leaks.patch
new file mode 100644
index 0000000..31d69d7
--- /dev/null
+++ b/volume_key-0.3.12-fix_resource_leaks.patch
@@ -0,0 +1,59 @@
+diff --git a/lib/kmip.c b/lib/kmip.c
+index dda819a..333603c 100644
+--- a/lib/kmip.c
++++ b/lib/kmip.c
+@@ -1152,6 +1152,7 @@ kmip_decode_key_value (struct kmip_decoding_state *kmip,
+       break;
+ 
+     default:
++      kmip_key_value_free (res);
+       g_return_val_if_reached (-1);
+     }
+   res->attributes = g_ptr_array_new ();
+@@ -1348,6 +1349,7 @@ kmip_decode_object_symmetric_key (struct kmip_decoding_state *kmip,
+       g_snprintf (num, sizeof (num), "%" G_GUINT32_FORMAT, res->block->type);
+       g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_KMIP_UNSUPPORTED_VALUE,
+ 		   _("Unsupported symmetric key format %s"), num);
++      kmip_object_symmetric_key_free (res);
+       return -1;
+     }
+   *obj = res;
+@@ -1384,6 +1386,7 @@ kmip_decode_object_secret_data (struct kmip_decoding_state *kmip,
+       g_snprintf (num, sizeof (num), "%" G_GUINT32_FORMAT, res->block->type);
+       g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_KMIP_UNSUPPORTED_VALUE,
+ 		   _("Unsupported symmetric key format %s"), num);
++      kmip_object_secret_data_free (res);
+       return -1;
+     }
+   *obj = res;
+diff --git a/lib/volume_luks.c b/lib/volume_luks.c
+index d1c5d47..4d32d9b 100644
+--- a/lib/volume_luks.c
++++ b/lib/volume_luks.c
+@@ -547,8 +547,8 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
+     }
+   g_free (last_log_entry);
+ 
+-  g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes,
+-			-1);
++  if (vol->v.luks->key_bytes != packet->v.luks->key_bytes)
++    goto err_passphrase;
+   luks_replace_key (vol, packet->v.luks->key);
+   luks_replace_passphrase (vol, passphrase);
+   vol->v.luks->passphrase_slot = res;
+diff --git a/src/volume_key.c b/src/volume_key.c
+index 074b187..24b70d6 100644
+--- a/src/volume_key.c
++++ b/src/volume_key.c
+@@ -735,6 +735,11 @@ write_packet (struct packet_output_state *pos, const char *filename,
+       || g_file_set_contents (filename, packet, size, error) == FALSE)
+     {
+       g_prefix_error (error, _("Error creating `%s': "), filename);
++      if (packet != NULL) {
++        if (output_format_cleartext != 0)
++          memset (packet, 0, size);
++        g_free (packet);
++      }
+       return -1;
+     }
+   if (output_format_cleartext != 0)
diff --git a/volume_key.spec b/volume_key.spec
index f8ef9bc..e346ac9 100644
--- a/volume_key.spec
+++ b/volume_key.spec
@@ -32,7 +32,7 @@
 Summary: An utility for manipulating storage encryption keys and passphrases
 Name: volume_key
 Version: 0.3.12
-Release: 10%{?dist}
+Release: 11%{?dist}
 # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2
 License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2)
 URL: https://pagure.io/%{name}/
@@ -42,6 +42,9 @@ Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz
 # Support all LUKS devices
 # - backport of 26c09768662d8958debe8c9410dae9fda02292c3
 Patch0: volume_key-0.3.12-support_LUKS2_and_more.patch
+# Fix resource leaks
+# - backport of bf6618ec0b09b4e51fc97fa021e687fbd87599ba
+Patch1: volume_key-0.3.12-fix_resource_leaks.patch
 BuildRequires: make
 BuildRequires: gcc
 BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg2
@@ -117,6 +120,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 %configure %{?with_pythons}
@@ -167,6 +171,9 @@ exit 1; \
 %endif
 
 %changelog
+* Wed Mar 31 2021 Jiri Kucera <jkucera@redhat.com> - 0.3.12-11
+- Fix resource leaks
+
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild