From 2a2170b44de1287907147c3eda847346436f1bea Mon Sep 17 00:00:00 2001
From: Tomas Halman <thalman@redhat.com>
Date: Mon, 13 May 2024 15:35:58 +0200
Subject: [PATCH] Fix memory leaks found by SAST

Resolves: RHEL-35381
---
 0001-resource-leaks.patch | 97 +++++++++++++++++++++++++++++++++++++++
 xmlsec1.spec              |  9 +++-
 2 files changed, 104 insertions(+), 2 deletions(-)
 create mode 100644 0001-resource-leaks.patch

diff --git a/0001-resource-leaks.patch b/0001-resource-leaks.patch
new file mode 100644
index 0000000..7fb4db5
--- /dev/null
+++ b/0001-resource-leaks.patch
@@ -0,0 +1,97 @@
+diff -up xmlsec1-1.2.29/src/c14n.c.orig xmlsec1-1.2.29/src/c14n.c
+--- xmlsec1-1.2.29/src/c14n.c.orig	2024-05-10 13:47:12.698153446 +0200
++++ xmlsec1-1.2.29/src/c14n.c	2024-05-10 18:30:35.148285625 +0200
+@@ -233,7 +233,10 @@ xmlSecTransformC14NPushXml(xmlSecTransfo
+     /* we are using a semi-hack here: we know that xmlSecPtrList keeps
+      * all pointers in the big array */
+     nsList = xmlSecTransformC14NGetNsList(transform);
+-    xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
++    if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
++        xmlOutputBufferClose(buf);
++        xmlSecAssert2(0, -1);
++    };
+ 
+     ret = xmlSecTransformC14NExecute(transform->id, nodes, (xmlChar**)(nsList->data), buf);
+     if(ret < 0) {
+@@ -297,7 +300,10 @@ xmlSecTransformC14NPopBin(xmlSecTransfor
+         /* we are using a semi-hack here: we know that xmlSecPtrList keeps
+          * all pointers in the big array */
+         nsList = xmlSecTransformC14NGetNsList(transform);
+-        xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
++        if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
++            xmlOutputBufferClose(buf);
++            xmlSecAssert2(0, -1);
++        }
+ 
+         ret = xmlSecTransformC14NExecute(transform->id, transform->inNodes, (xmlChar**)(nsList->data), buf);
+         if(ret < 0) {
+@@ -737,4 +743,3 @@ xmlSecTransformId
+ xmlSecTransformRemoveXmlTagsC14NGetKlass(void) {
+     return(&xmlSecTransformRemoveXmlTagsC14NKlass);
+ }
+-
+diff -up xmlsec1-1.2.29/src/gcrypt/asymkeys.c.orig xmlsec1-1.2.29/src/gcrypt/asymkeys.c
+--- xmlsec1-1.2.29/src/gcrypt/asymkeys.c.orig	2024-05-10 18:47:45.800368678 +0200
++++ xmlsec1-1.2.29/src/gcrypt/asymkeys.c	2024-05-13 09:11:08.784351577 +0200
+@@ -198,6 +198,9 @@ done:
+         gcry_sexp_release(priv_key);
+     }
+ 
++    /* Adopt functions assume ownership thus the caller would expect this to be released */
++    gcry_sexp_release(key_pair);
++
+     /* done */
+     return(res);
+ }
+diff -up xmlsec1-1.2.29/src/parser.c.orig xmlsec1-1.2.29/src/parser.c
+--- xmlsec1-1.2.29/src/parser.c.orig	2024-05-10 13:46:59.217160842 +0200
++++ xmlsec1-1.2.29/src/parser.c	2024-05-10 17:28:22.848994008 +0200
+@@ -368,7 +368,6 @@ xmlDocPtr
+ xmlSecParseFile(const char *filename) {
+     xmlParserCtxtPtr ctxt;
+     xmlDocPtr res = NULL;
+-    char *directory = NULL;
+     int ret;
+ 
+     xmlSecAssert2(filename != NULL, NULL);
+@@ -385,23 +384,15 @@ xmlSecParseFile(const char *filename) {
+     /* crashes on x64 xmlCtxtUseOptions (ctxt, XML_PARSE_HUGE); */
+ 
+     /* todo: set directories from current doc? */
+-    if ((ctxt->directory == NULL) && (directory == NULL)) {
+-        directory = xmlParserGetDirectory(filename);
+-        if(directory == NULL) {
++    if (ctxt->directory == NULL) {
++        ctxt->directory = xmlParserGetDirectory(filename);
++        if(ctxt->directory == NULL) {
+             xmlSecXmlError2("xmlParserGetDirectory", NULL,
+                             "filename=%s", xmlSecErrorsSafeString(filename));
+             xmlFreeParserCtxt(ctxt);
+             return(NULL);
+         }
+     }
+-    if ((ctxt->directory == NULL) && (directory != NULL)) {
+-        ctxt->directory = (char *) xmlStrdup(BAD_CAST directory);
+-        if(ctxt->directory == NULL) {
+-            xmlSecStrdupError(BAD_CAST directory, NULL);
+-            xmlFreeParserCtxt(ctxt);
+-            return(NULL);
+-        }
+-    }
+ 
+     /* required for c14n! */
+     ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+@@ -559,7 +550,7 @@ xmlSecParseMemory(const xmlSecByte *buff
+         if(ctxt->myDoc != NULL) {
+             xmlFreeDoc(ctxt->myDoc);
+             ctxt->myDoc = NULL;
+-        }	
++        }
+         xmlFreeParserCtxt(ctxt);
+         return(NULL);
+     }
+@@ -580,4 +571,3 @@ xmlSecParseMemory(const xmlSecByte *buff
+     xmlFreeParserCtxt(ctxt);
+     return(res);
+ }
+-
diff --git a/xmlsec1.spec b/xmlsec1.spec
index 04dec6a..1914618 100644
--- a/xmlsec1.spec
+++ b/xmlsec1.spec
@@ -1,7 +1,7 @@
 Summary: Library providing support for "XML Signature" and "XML Encryption" standards
 Name: xmlsec1
 Version: 1.2.29
-Release: 9%{?dist}%{?extra_release}
+Release: 10%{?dist}%{?extra_release}
 License: MIT
 Source0: https://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
 URL: http://www.aleksey.com/xmlsec/
@@ -19,6 +19,7 @@ BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: gettext-devel
 BuildRequires: libtool
+Patch0: 0001-resource-leaks.patch
 
 %description
 XML Security Library is a C library based on LibXML2  and OpenSSL.
@@ -101,7 +102,7 @@ Requires: xmlsec1-nss%{?_isa} = %{version}-%{release}
 Libraries, includes, etc. for developing XML Security applications with NSS.
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 autoreconf -vfi
@@ -176,6 +177,10 @@ mv %{buildroot}%{_docdir}/xmlsec1/* __tmp_doc
 %{_libdir}/pkgconfig/xmlsec1-nss.pc
 
 %changelog
+* Mon May 13 2024 Tomas Halman <thalman@redhat.com> - 1.2.29-10
+- Fix memory leaks found by SAST
+  Resolves: RHEL-35381
+
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.29-9
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688