commit 50408fc3ae0f25b256dda2033d538f88c9b4f903 Author: Ingo Franzki Date: Mon Jul 5 16:02:28 2021 +0200 COMMON: Fix memory leaks Signed-off-by: Ingo Franzki diff --git a/usr/lib/common/mech_aes.c b/usr/lib/common/mech_aes.c index 59f82482..a1241693 100644 --- a/usr/lib/common/mech_aes.c +++ b/usr/lib/common/mech_aes.c @@ -2359,6 +2359,8 @@ CK_RV aes_mac_sign(STDLL_TokData_t *tokdata, memcpy(out_data, ((AES_DATA_CONTEXT *) ctx->context)->iv, mac_len); *out_data_len = mac_len; + sign_mgr_cleanup(tokdata, sess, ctx); + return rc; } } @@ -2497,6 +2499,8 @@ CK_RV aes_mac_sign_final(STDLL_TokData_t *tokdata, memcpy(out_data, context->iv, mac_len); *out_data_len = mac_len; + sign_mgr_cleanup(tokdata, sess, ctx); + return rc; } @@ -2554,8 +2558,12 @@ CK_RV aes_mac_verify(STDLL_TokData_t *tokdata, } if (CRYPTO_memcmp(out_data, ((AES_DATA_CONTEXT *) ctx->context)->iv, - out_data_len) == 0) + out_data_len) == 0) { + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_OK; + } + + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_SIGNATURE_INVALID; } @@ -2685,8 +2693,12 @@ CK_RV aes_mac_verify_final(STDLL_TokData_t *tokdata, } } - if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) + if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) { + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_OK; + } + + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_SIGNATURE_INVALID; } @@ -2766,6 +2778,8 @@ CK_RV aes_cmac_sign(STDLL_TokData_t *tokdata, memcpy(out_data, ((AES_CMAC_CONTEXT *) ctx->context)->iv, mac_len); *out_data_len = mac_len; + sign_mgr_cleanup(tokdata, sess, ctx); + done: object_put(tokdata, key_obj, TRUE); key_obj = NULL; @@ -2913,6 +2927,8 @@ done: object_put(tokdata, key_obj, TRUE); key_obj = NULL; + sign_mgr_cleanup(tokdata, sess, ctx); + return rc; } @@ -2969,9 +2985,12 @@ CK_RV aes_cmac_verify(STDLL_TokData_t *tokdata, if (CRYPTO_memcmp(out_data, ((AES_CMAC_CONTEXT *) ctx->context)->iv, out_data_len) == 0) { + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_OK; } + verify_mgr_cleanup(tokdata, sess, ctx); + return CKR_SIGNATURE_INVALID; } @@ -3105,8 +3124,12 @@ CK_RV aes_cmac_verify_final(STDLL_TokData_t *tokdata, return rc; } - if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) + if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) { + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_OK; + } + + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_SIGNATURE_INVALID; } diff --git a/usr/lib/common/mech_des3.c b/usr/lib/common/mech_des3.c index 591ad3fa..3582102a 100644 --- a/usr/lib/common/mech_des3.c +++ b/usr/lib/common/mech_des3.c @@ -2006,6 +2006,8 @@ CK_RV des3_mac_sign(STDLL_TokData_t *tokdata, *out_data_len = mac_len; + sign_mgr_cleanup(tokdata, sess, ctx); + return rc; } } @@ -2144,6 +2146,8 @@ CK_RV des3_mac_sign_final(STDLL_TokData_t *tokdata, *out_data_len = mac_len; + sign_mgr_cleanup(tokdata, sess, ctx); + return rc; } @@ -2197,8 +2201,12 @@ CK_RV des3_mac_verify(STDLL_TokData_t *tokdata, key_obj = NULL; if (CRYPTO_memcmp(out_data, ((DES_DATA_CONTEXT *) ctx->context)->iv, - out_data_len) == 0) + out_data_len) == 0) { + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_OK; + } + + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_SIGNATURE_INVALID; } @@ -2328,8 +2336,12 @@ CK_RV des3_mac_verify_final(STDLL_TokData_t *tokdata, } } - if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) + if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) { + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_OK; + } + + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_SIGNATURE_INVALID; } @@ -2410,6 +2422,8 @@ CK_RV des3_cmac_sign(STDLL_TokData_t *tokdata, object_put(tokdata, key_obj, TRUE); key_obj = NULL; + sign_mgr_cleanup(tokdata, sess, ctx); + return rc; } @@ -2553,6 +2567,8 @@ done: object_put(tokdata, key_obj, TRUE); key_obj = NULL; + sign_mgr_cleanup(tokdata, sess, ctx); + return rc; } @@ -2605,8 +2621,12 @@ CK_RV des3_cmac_verify(STDLL_TokData_t *tokdata, if (CRYPTO_memcmp(out_data, ((DES_CMAC_CONTEXT *) ctx->context)->iv, out_data_len) == 0) { + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_OK; } + + verify_mgr_cleanup(tokdata, sess, ctx); + return CKR_SIGNATURE_INVALID; } @@ -2739,8 +2759,12 @@ CK_RV des3_cmac_verify_final(STDLL_TokData_t *tokdata, ctx->context_free_func = des3_cmac_cleanup; - if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) + if (CRYPTO_memcmp(signature, context->iv, signature_len) == 0) { + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_OK; + } + + verify_mgr_cleanup(tokdata, sess, ctx); return CKR_SIGNATURE_INVALID; } diff --git a/usr/lib/common/new_host.c b/usr/lib/common/new_host.c index d01091f9..8bff6ada 100644 --- a/usr/lib/common/new_host.c +++ b/usr/lib/common/new_host.c @@ -174,6 +174,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber, if (rc != 0) { sltp->FcnList = NULL; detach_shm(sltp->TokData, 0); + final_data_store(sltp->TokData); if (sltp->TokData) free(sltp->TokData); sltp->TokData = NULL; @@ -186,6 +187,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber, rc = load_token_data(sltp->TokData, SlotNumber); if (rc != CKR_OK) { sltp->FcnList = NULL; + final_data_store(sltp->TokData); if (sltp->TokData) free(sltp->TokData); sltp->TokData = NULL; @@ -218,6 +220,7 @@ done: SC_Finalize(sltp->TokData, SlotNumber, sinfp, NULL, 0); } else { CloseXProcLock(sltp->TokData); + final_data_store(sltp->TokData); free(sltp->TokData); sltp->TokData = NULL; } diff --git a/usr/lib/ep11_stdll/new_host.c b/usr/lib/ep11_stdll/new_host.c index a0e7517c..45f13551 100644 --- a/usr/lib/ep11_stdll/new_host.c +++ b/usr/lib/ep11_stdll/new_host.c @@ -164,6 +164,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber, if (rc != 0) { sltp->FcnList = NULL; detach_shm(sltp->TokData, 0); + final_data_store(sltp->TokData); if (sltp->TokData) free(sltp->TokData); sltp->TokData = NULL; @@ -176,6 +177,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber, rc = load_token_data(sltp->TokData, SlotNumber); if (rc != CKR_OK) { sltp->FcnList = NULL; + final_data_store(sltp->TokData); if (sltp->TokData) free(sltp->TokData); sltp->TokData = NULL; @@ -208,6 +210,7 @@ done: SC_Finalize(sltp->TokData, SlotNumber, sinfp, NULL, 0); } else { CloseXProcLock(sltp->TokData); + final_data_store(sltp->TokData); free(sltp->TokData); sltp->TokData = NULL; } diff --git a/usr/lib/icsf_stdll/new_host.c b/usr/lib/icsf_stdll/new_host.c index 09e9d27a..eed632c3 100644 --- a/usr/lib/icsf_stdll/new_host.c +++ b/usr/lib/icsf_stdll/new_host.c @@ -162,6 +162,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber, if (rc != 0) { sltp->FcnList = NULL; detach_shm(sltp->TokData, 0); + final_data_store(sltp->TokData); if (sltp->TokData) free(sltp->TokData); sltp->TokData = NULL; @@ -174,6 +175,7 @@ CK_RV ST_Initialize(API_Slot_t *sltp, CK_SLOT_ID SlotNumber, rc = load_token_data(sltp->TokData, SlotNumber); if (rc != CKR_OK) { sltp->FcnList = NULL; + final_data_store(sltp->TokData); if (sltp->TokData) free(sltp->TokData); sltp->TokData = NULL; @@ -206,6 +208,7 @@ done: SC_Finalize(sltp->TokData, SlotNumber, sinfp, NULL, 0); } else { CloseXProcLock(sltp->TokData); + final_data_store(sltp->TokData); free(sltp->TokData); sltp->TokData = NULL; } diff --git a/usr/lib/tpm_stdll/tpm_specific.c b/usr/lib/tpm_stdll/tpm_specific.c index 45bc4b78..c7557108 100644 --- a/usr/lib/tpm_stdll/tpm_specific.c +++ b/usr/lib/tpm_stdll/tpm_specific.c @@ -213,6 +213,10 @@ CK_RV token_specific_init(STDLL_TokData_t * tokdata, CK_SLOT_ID SlotNumber, } tpm_data = (tpm_private_data_t *)calloc(1, sizeof(tpm_private_data_t)); + if (tpm_data == NULL) { + TRACE_ERROR("calloc failed\n"); + return CKR_HOST_MEMORY; + } tokdata->private_data = tpm_data; tpm_data->tspContext = NULL_HCONTEXT; @@ -221,12 +225,15 @@ CK_RV token_specific_init(STDLL_TokData_t * tokdata, CK_SLOT_ID SlotNumber, result = Tspi_Context_Create(&tpm_data->tspContext); if (result) { TRACE_ERROR("Tspi_Context_Create failed. rc=0x%x\n", result); + free(tpm_data); return CKR_FUNCTION_FAILED; } result = Tspi_Context_Connect(tpm_data->tspContext, NULL); if (result) { TRACE_ERROR("Tspi_Context_Connect failed. rc=0x%x\n", result); + Tspi_Context_Close(tpm_data->tspContext); + free(tpm_data); return CKR_FUNCTION_FAILED; } @@ -234,6 +241,8 @@ CK_RV token_specific_init(STDLL_TokData_t * tokdata, CK_SLOT_ID SlotNumber, &tpm_data->hDefaultPolicy); if (result) { TRACE_ERROR("Tspi_Context_GetDefaultPolicy failed. rc=0x%x\n", result); + Tspi_Context_Close(tpm_data->tspContext); + free(tpm_data); return CKR_FUNCTION_FAILED; }