From ec97629866d6ca85d8916bb8fb3dde04f8242279 Mon Sep 17 00:00:00 2001
From: Tomas Halman
Date: Mon, 13 May 2024 15:35:58 +0200
Subject: [PATCH] Fix memory leaks found by SAST
Resolves: RHEL-36185
(cherry picked from commit 2a2170b44de1287907147c3eda847346436f1bea)
---
 0001-resource-leaks.patch | 88 +++++++++++++++++++++++++++++++++++++++
 xmlsec1.spec | 11 +++--
 2 files changed, 95 insertions(+), 4 deletions(-)
 create mode 100644 0001-resource-leaks.patch
diff --git a/0001-resource-leaks.patch b/0001-resource-leaks.patch
new file mode 100644
index 0000000..b8d7f91
--- /dev/null
+++ b/0001-resource-leaks.patch
@@ -0,0 +1,88 @@
+diff -up xmlsec1-1.2.25/src/c14n.c.orig xmlsec1-1.2.25/src/c14n.c
+--- xmlsec1-1.2.25/src/c14n.c.orig 2017-09-12 15:21:09.000000000 +0200
++++ xmlsec1-1.2.25/src/c14n.c 2024-05-14 09:55:35.800202266 +0200
+@@ -228,7 +228,10 @@ xmlSecTransformC14NPushXml(xmlSecTransfo
+ /* we are using a semi-hack here: we know that xmlSecPtrList keeps
+ * all pointers in the big array */
+ nsList = xmlSecTransformC14NGetNsList(transform);
+- xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
++ if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
++ xmlOutputBufferClose(buf);
++ xmlSecAssert2(0, -1);
++ };
+
+ ret = xmlSecTransformC14NExecute(transform->id, nodes, (xmlChar**)(nsList->data), buf);
+ if(ret < 0) {
+@@ -292,7 +295,10 @@ xmlSecTransformC14NPopBin(xmlSecTransfor
+ /* we are using a semi-hack here: we know that xmlSecPtrList keeps
+ * all pointers in the big array */
+ nsList = xmlSecTransformC14NGetNsList(transform);
+- xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
++ if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
++ xmlOutputBufferClose(buf);
++ xmlSecAssert2(0, -1);
++ }
+
+ ret = xmlSecTransformC14NExecute(transform->id, transform->inNodes, (xmlChar**)(nsList->data), buf);
+ if(ret < 0) {
+@@ -732,4 +738,3 @@ xmlSecTransformId
+ xmlSecTransformRemoveXmlTagsC14NGetKlass(void) {
+ return(&xmlSecTransformRemoveXmlTagsC14NKlass);
+ }
+-
+diff -up xmlsec1-1.2.25/src/gcrypt/asymkeys.c.orig xmlsec1-1.2.25/src/gcrypt/asymkeys.c
+--- xmlsec1-1.2.25/src/gcrypt/asymkeys.c.orig 2017-09-12 15:21:09.000000000 +0200
++++ xmlsec1-1.2.25/src/gcrypt/asymkeys.c 2024-05-14 09:55:35.801202265 +0200
+@@ -190,6 +190,9 @@ done:
+ gcry_sexp_release(priv_key);
+ }
+
++ /* Adopt functions assume ownership thus the caller would expect this to be released */
++ gcry_sexp_release(key_pair);
++
+ /* done */
+ return(res);
+ }
+diff -up xmlsec1-1.2.25/src/parser.c.orig xmlsec1-1.2.25/src/parser.c
+--- xmlsec1-1.2.25/src/parser.c.orig 2017-09-12 15:21:09.000000000 +0200
++++ xmlsec1-1.2.25/src/parser.c 2024-05-14 09:55:35.802202264 +0200
+@@ -354,7 +354,6 @@ xmlDocPtr
+ xmlSecParseFile(const char *filename) {
+ xmlParserCtxtPtr ctxt;
+ xmlDocPtr res = NULL;
+- char *directory = NULL;
+ int ret;
+
+ xmlSecAssert2(filename != NULL, NULL);
+@@ -371,23 +370,15 @@ xmlSecParseFile(const char *filename) {
+ /* crashes on x64 xmlCtxtUseOptions (ctxt, XML_PARSE_HUGE); */
+
+ /* todo: set directories from current doc? */
+- if ((ctxt->directory == NULL) && (directory == NULL)) {
+- directory = xmlParserGetDirectory(filename);
+- if(directory == NULL) {
++ if (ctxt->directory == NULL) {
++ ctxt->directory = xmlParserGetDirectory(filename);
++ if(ctxt->directory == NULL) {
+ xmlSecXmlError2("xmlParserGetDirectory", NULL,
+ "filename=%s", xmlSecErrorsSafeString(filename));
+ xmlFreeParserCtxt(ctxt);
+ return(NULL);
+ }
+ }
+- if ((ctxt->directory == NULL) && (directory != NULL)) {
+- ctxt->directory = (char *) xmlStrdup(BAD_CAST directory);
+- if(ctxt->directory == NULL) {
+- xmlSecStrdupError(BAD_CAST directory, NULL);
+- xmlFreeParserCtxt(ctxt);
+- return(NULL);
+- }
+- }
+
+ /* required for c14n! */
+ ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+@@ -547,4 +538,3 @@ xmlSecParseMemory(const xmlSecByte *buff
+ xmlFreeParserCtxt(ctxt);
+ return(res);
+ }
+-
diff --git a/xmlsec1.spec b/xmlsec1.spec
index 9d32888..05a4bc0 100644
--- a/xmlsec1.spec
+++ b/xmlsec1.spec
@@ -1,7 +1,7 @@
 Summary: Library providing support for "XML Signature" and "XML Encryption" standards
 Name: xmlsec1
 Version: 1.2.25
-Release: 4%{?dist}%{?extra_release}
+Release: 5%{?dist}%{?extra_release}
 License: MIT
 Source0: http://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
 URL: http://www.aleksey.com/xmlsec/
@@ -18,7 +18,7 @@ BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: gettext-devel
 BuildRequires: libtool
-
+Patch0: 0001-resource-leaks.patch
 Patch1: xmlSecOpenSSLX509DataNodeRead-error.patch
 %description
@@ -102,8 +102,7 @@ Requires: xmlsec1-nss%{?_isa} = %{version}-%{release}
 Libraries, includes, etc. for developing XML Security applications with NSS.
 %prep
-%setup -q
-%patch1 -p1
+%autosetup -p1
 %build
 autoreconf -vfi
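Review bot: In the src/gcrypt/asymkeys.c part of the added patch, `gcry_sexp_release(key_pair);` sits after the `done:` label, so it runs when the function fails as well as when it succeeds (the same `return(res);` follows for both). If any caller still releases its own `key_pair` after the adopt call reports an error, that caller would now release the S-expression twice; the function body and its call sites are outside the hunk, so each caller needs checking. Any early return taken before `done:` would also leave `key_pair` unreleased, which makes ownership on failure depend on the path taken. If callers are meant to keep ownership on failure, guard the release with `if(res == 0) { gcry_sexp_release(key_pair); }`; otherwise state in the function's header comment that `key_pair` is consumed on every return and make the early returns match.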
@@ -180,6 +179,10 @@ mv %{buildroot}%{_docdir}/xmlsec1/* __tmp_doc
 %{_libdir}/pkgconfig/xmlsec1-nss.pc
 %changelog
+* Mon May 13 2024 Tomas Halman - 1.2.25-5
+- Fix memory leaks found by SAST
+ Resolves: RHEL-36185
+
 * Thu Apr 12 2018 John Dennis - 1.2.25-4
 - Resolves: rhbz#1566748 xmlSecOpenSSLX509DataNodeRead fails to return error