diff --git a/SOURCES/opencryptoki-3.18.0-memory_leak.patch b/SOURCES/opencryptoki-3.18.0-memory_leak.patch new file mode 100644 index 0000000..743b9d7 --- /dev/null +++ b/SOURCES/opencryptoki-3.18.0-memory_leak.patch @@ -0,0 +1,33 @@ +commit d5ccb00e52f5b0c66533f085cda36f63f7583d44 +Author: Ingo Franzki +Date: Tue Jul 19 16:16:55 2022 +0200 + + common: fix memory leak in save_private_token_object + + Reported by coverty scan: + + Error: RESOURCE_LEAK (CWE-772): + opencryptoki-3.18.0/usr/lib/common/loadsave.c:2311: alloc_fn: + Storage is returned from allocation function "fopen". + opencryptoki-3.18.0/usr/lib/common/loadsave.c:2311: var_assign: + Assigning: "fp" = storage returned from "fopen(fname, "r")". + opencryptoki-3.18.0/usr/lib/common/loadsave.c:2316: noescape: + Resource "fp" is not freed or pointed-to in "fileno". + opencryptoki-3.18.0/usr/lib/common/loadsave.c:2407: overwrite_var: + Overwriting "fp" in "fp = fopen(fname, "w")" leaks the storage that "fp" points to. + + Signed-off-by: Ingo Franzki + +diff --git a/usr/lib/common/loadsave.c b/usr/lib/common/loadsave.c +index bbd691c0..91955f47 100644 +--- a/usr/lib/common/loadsave.c ++++ b/usr/lib/common/loadsave.c +@@ -2344,6 +2344,8 @@ CK_RV save_private_token_object(STDLL_TokData_t *tokdata, OBJECT *obj) + /* New token objects files created by mkstemp have a size of zero */ + if (sb.st_size == 0) { + new = 1; ++ fclose(fp); ++ fp = NULL; + goto do_work; + } + diff --git a/SPECS/opencryptoki.spec b/SPECS/opencryptoki.spec index 01846e7..2e91da4 100644 --- a/SPECS/opencryptoki.spec +++ b/SPECS/opencryptoki.spec @@ -1,7 +1,7 @@ Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0 Version: 3.18.0 -Release: 4%{?dist} +Release: 5%{?dist} License: CPL URL: https://github.com/opencryptoki/opencryptoki Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz @@ -14,6 +14,7 @@ Patch2: opencryptoki-3.18.0-p11sak.patch # upstream patches Patch100: opencryptoki-3.18.0-fix-json-output.patch Patch101: opencryptoki-3.18.0-returning_CKR_BUFFER_TOO_SMALL.patch +Patch102: opencryptoki-3.18.0-memory_leak.patch Requires(pre): coreutils diffutils Requires: (selinux-policy >= 34.1.8-1 if selinux-policy-targeted) @@ -340,6 +341,10 @@ fi %changelog +* Thu Oct 13 2022 Than Ngo - 3.18.0-5 +- opencryptoki C_GenerateKeyPair() fails after generating > 500 RSA keys with CEX7 crypto cards +Resolves: #2128611 + * Fri Jul 29 2022 Than Ngo - 3.18.0-4 - Related: #2044179, do not touch opencryptoki.conf if it is in place already and even if it is unchanged