rpms / opencryptoki

Clone
Source Code
GIT

Blame SOURCES/opencryptoki-3.18.0-memory_leak.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   5b2e5a09d0f1ac725d59cfffab3cbb1797a2d0a8
  2.   SOURCES
  3.   opencryptoki-3.18.0-memory_leak.patch
Blob History Raw
5b2e5a 
commit d5ccb00e52f5b0c66533f085cda36f63f7583d44
5b2e5a 
Author: Ingo Franzki <ifranzki@linux.ibm.com>
5b2e5a 
Date:   Tue Jul 19 16:16:55 2022 +0200
5b2e5a
5b2e5a 
    common: fix memory leak in save_private_token_object
5b2e5a
5b2e5a 
    Reported by coverty scan:
5b2e5a
5b2e5a 
    Error: RESOURCE_LEAK (CWE-772):
5b2e5a 
    opencryptoki-3.18.0/usr/lib/common/loadsave.c:2311: alloc_fn:
5b2e5a 
    Storage is returned from allocation function "fopen".
5b2e5a 
    opencryptoki-3.18.0/usr/lib/common/loadsave.c:2311: var_assign:
5b2e5a 
    Assigning: "fp" = storage returned from "fopen(fname, "r")".
5b2e5a 
    opencryptoki-3.18.0/usr/lib/common/loadsave.c:2316: noescape:
5b2e5a 
    Resource "fp" is not freed or pointed-to in "fileno".
5b2e5a 
    opencryptoki-3.18.0/usr/lib/common/loadsave.c:2407: overwrite_var:
5b2e5a 
    Overwriting "fp" in "fp = fopen(fname, "w")" leaks the storage that "fp" points to.
5b2e5a
5b2e5a 
    Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
5b2e5a
5b2e5a 
diff --git a/usr/lib/common/loadsave.c b/usr/lib/common/loadsave.c
5b2e5a 
index bbd691c0..91955f47 100644
5b2e5a 
--- a/usr/lib/common/loadsave.c
5b2e5a 
+++ b/usr/lib/common/loadsave.c
5b2e5a 
@@ -2344,6 +2344,8 @@ CK_RV save_private_token_object(STDLL_TokData_t *tokdata, OBJECT *obj)
5b2e5a 
         /* New token objects files created by mkstemp have a size of zero */
5b2e5a 
         if (sb.st_size == 0) {
5b2e5a 
             new = 1;
5b2e5a 
+            fclose(fp);
5b2e5a 
+            fp = NULL;
5b2e5a 
             goto do_work;
5b2e5a 
         }
5b2e5a

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation