!41 Fix faulty code, file resource leakage and memory leakage
From: @godvi Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee
commit
646f949ce6
@ -1,6 +1,6 @@
|
||||
name: digest-list-tools
|
||||
Version: 0.3.95
|
||||
Release: 6
|
||||
Release: 7
|
||||
Summary: Utilities for IMA Digest Lists extension
|
||||
|
||||
Source0: https://gitee.com/openeuler/%{name}/repository/archive/v%{version}.tar.gz
|
||||
@ -13,6 +13,8 @@ Patch1: fix-digestlist-conf-warning.patch
|
||||
Patch2: fix-a-typo-in-kernel_lib.h.patch
|
||||
Patch3: fix-duplicated-kernel-parameters.patch
|
||||
Patch4: Fix-sm3-algorithm-name.patch
|
||||
Patch5: fix-faulty-code.patch
|
||||
Patch6: fix-file-resource-leakage-and-memory-leakage.patch
|
||||
|
||||
BuildRequires: autoconf automake libcurl-devel libtool rpm-devel dracut gzip
|
||||
BuildRequires: libcap-devel libcmocka-devel libselinux-devel
|
||||
@ -124,6 +126,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/man1/%{name}.1.gz
|
||||
|
||||
%changelog
|
||||
* Tue Aug 16 2022 shenxiangwei <shenxiangwei1@huawei.com> - 0.3.95-7
|
||||
- Fix faulty code, file resource leakeage and memory leakage
|
||||
|
||||
* Sat Jul 30 2022 luhuaxin <luhuaxin1@huawei.com> - 0.3.95-6
|
||||
- Fix sm3 algorithm name
|
||||
|
||||
|
||||
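--- /dev/null
+++ b/fix-faulty-code.patch
@@ -0,0 +1,82 @@
+From f078f852fa618f9f3a6553ff25eafd21cae0b3c1 Mon Sep 17 00:00:00 2001
+From: shenxiangwei <shenxiangwei1@huawei.com>
+Date: Tue, 2 Aug 2022 21:11:44 +0800
+Subject: [PATCH 1/2] fix faulty code
+
+Signed-off-by: shenxiangwei <shenxiangwei1@huawei.com>
+---
+lib/crypto.c | 4 ++--
+lib/xattr.c | 3 +++
+parsers/rpm.c | 4 ++--
+src/rpm_parser.c | 4 ++--
+4 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/lib/crypto.c b/lib/crypto.c
+index d81992e..5397feb 100644
+--- a/lib/crypto.c
++++ b/lib/crypto.c
+@@ -314,7 +314,7 @@ static int sign_file(int dirfd, char *filename, char *key_path, char *keypass,
+memcpy(buf + asn1->size, digest, digest_len);
+
+sig_len = RSA_private_encrypt(digest_len + asn1->size, buf, sig, k->key,
+- RSA_PKCS1_PADDING);
++ RSA_PKCS1_OAEP_PADDING);
+if (sig_len < 0) {
+printf("RSA_private_encrypt() failed: %d\n", sig_len);
+goto out_buf;
+@@ -403,7 +403,7 @@ static int verify_common(struct list_head *head, int dirfd, char *filename,
+goto out;
+}
+
+- ret = RSA_public_decrypt(sig_len, sig, out, k->key, RSA_PKCS1_PADDING);
++ ret = RSA_public_decrypt(sig_len, sig, out, k->key, RSA_PKCS1_OAEP_PADDING);
+if (ret < 0) {
+printf("RSA_public_decrypt() failed: %d\n", ret);
+goto out;
+diff --git a/lib/xattr.c b/lib/xattr.c
+index 2aa9c96..3bfb35c 100644
+--- a/lib/xattr.c
++++ b/lib/xattr.c
+@@ -132,6 +132,9 @@ int read_ima_xattr(int dirfd, char *path, u8 **buf, size_t *buf_len,
+return -ENODATA;
+
+*buf_len = ret;
++ if (*buf_len > 65536)
++ return -ENOMEM;
++
+*buf = malloc(*buf_len);
+if (!*buf)
+return -ENOMEM;
+diff --git a/parsers/rpm.c b/parsers/rpm.c
+index e344e30..fc6122e 100644
+--- a/parsers/rpm.c
++++ b/parsers/rpm.c
+@@ -135,8 +135,8 @@ int parser(int fd, struct list_head *head, loff_t buf_size, void *buf,
+
+for (i = 0; i < digests_count && digests < bufendp; i++) {
+u16 modifiers = 0;
+- int digest_str_len = strlen(digests);
+- int basename_str_len = strlen(basenames);
++ size_t digest_str_len = strlen(digests);
++ size_t basename_str_len = strlen(basenames);
+int filecaps_str_len = filecaps ? strlen(filecaps) : 0;
+char *obj_label;
+u16 mode = 0;
+diff --git a/src/rpm_parser.c b/src/rpm_parser.c
+index 2cb4219..abb4754 100644
+--- a/src/rpm_parser.c
++++ b/src/rpm_parser.c
+@@ -164,8 +164,8 @@ static int parse_rpm(int fd_ima, int add, char *path, struct stat *st)
+algo = pgp_algo_mapping[be32_to_cpu(*(u32 *)algo_buf)];
+
+for (i = 0; i < digests_count && digests < bufendp; i++) {
+- int digest_str_len = strlen(digests);
+- int basename_str_len = strlen(basenames);
++ size_t digest_str_len = strlen(digests);
++ size_t basename_str_len = strlen(basenames);
+u32 dirindex = 0;
+
+if ((basenames &&
+--
+2.27.0
+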
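Review bot: The two lib/crypto.c hunks (sign_file and verify_common) swap `RSA_PKCS1_PADDING` for `RSA_PKCS1_OAEP_PADDING` on `RSA_private_encrypt()` and `RSA_public_decrypt()`, but these are the signature primitives and OAEP is an encryption padding. As far as I know OpenSSL accepts OAEP only on `RSA_public_encrypt()`/`RSA_private_decrypt()`, so both calls would be expected to fail with an unknown-padding error. That would leave digest lists unsignable and every existing PKCS#1 v1.5 signature unverifiable. I would keep `RSA_PKCS1_PADDING` on both calls, e.g. `ret = RSA_public_decrypt(sig_len, sig, out, k->key, RSA_PKCS1_PADDING);`, and treat any move to a stronger scheme such as RSA-PSS as a separate change that also updates whatever verifies these signatures. Both function bodies continue outside the hunks, so this is based on the visible calls only.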
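--- /dev/null
+++ b/fix-file-resource-leakage-and-memory-leakage.patch
@@ -0,0 +1,98 @@
+From 3e08ccc4c5bca26df1c3b7542868cf2a457fa6ec Mon Sep 17 00:00:00 2001
+From: shenxiangwei <shenxiangwei1@huawei.com>
+Date: Tue, 16 Aug 2022 08:34:37 +0800
+Subject: [PATCH 2/2] fix file resource leakage and memory leakage
+
+Signed-off-by: shenxiangwei <shenxiangwei1@huawei.com>
+---
+generators/unknown.c | 2 +-
+lib/xattr.c | 14 ++++++++++++++
+parsers/rpm.c | 2 +-
+src/manage_digest_lists.c | 4 ++--
+4 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/generators/unknown.c b/generators/unknown.c
+index ad17a23..85f348f 100644
+--- a/generators/unknown.c
++++ b/generators/unknown.c
+@@ -217,7 +217,7 @@ static int add_file(int dirfd, int fd, char *path, u16 type, u16 modifiers,
+if (!ret)
+ret = write_check(fd, "\n", 1);
+
+- return ret;
++ goto out;
+}
+
+if (!tlv) {
+diff --git a/lib/xattr.c b/lib/xattr.c
+index 3bfb35c..166aa2e 100644
+--- a/lib/xattr.c
++++ b/lib/xattr.c
+@@ -129,19 +129,33 @@ int read_ima_xattr(int dirfd, char *path, u8 **buf, size_t *buf_len,
+
+ret = fgetxattr(fd, XATTR_NAME_IMA, NULL, 0);
+if (ret < 0)
++ {
++ close(fd);
+return -ENODATA;
++ }
+
+*buf_len = ret;
+if (*buf_len > 65536)
++ {
++ close(fd);
+return -ENOMEM;
++ }
+
+*buf = malloc(*buf_len);
+if (!*buf)
++ {
++ close(fd);
+return -ENOMEM;
++ }
+
+ret = fgetxattr(fd, XATTR_NAME_IMA, *buf, ret);
+if (ret < 0)
++ {
++ free(*buf);
++ *buf = NULL;
++ close(fd);
+return -ENODATA;
++ }
+
+ret = parse_ima_xattr(*buf, *buf_len, keyid, keyid_len, sig, sig_len,
+algo);
+diff --git a/parsers/rpm.c b/parsers/rpm.c
+index fc6122e..0f165b6 100644
+--- a/parsers/rpm.c
++++ b/parsers/rpm.c
+@@ -272,7 +272,7 @@ int parser(int fd, struct list_head *head, loff_t buf_size, void *buf,
+}
+
+if (ret < 0)
+- return ret;
++ goto out;
+}
+out:
+free(dirnames_ptr);
+diff --git a/src/manage_digest_lists.c b/src/manage_digest_lists.c
+index 1dc3a43..0eb4233 100644
+--- a/src/manage_digest_lists.c
++++ b/src/manage_digest_lists.c
+@@ -206,11 +206,11 @@ int main(int argc, char *argv[])
+if (op == PARSER_OP_GEN_IMA_LIST) {
+ret = ima_copy_boot_aggregate(fd);
+if (ret < 0)
+- return ret;
++ goto out_close_fd;
+
+ret = ima_generate_entry(-1, fd, "", IMA_KEY_PATH);
+if (ret < 0)
+- return ret;
++ goto out_close_fd;
+}
+
+for (i = 0; i < COMPACT__LAST; i++) {
+--
+2.27.0
+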
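Review bot: In the lib/xattr.c hunk the second `fgetxattr()` result is only checked for `< 0`, while `parse_ima_xattr()` is still given the `*buf_len` taken from the first size query. If the attribute is replaced by a shorter value between the two calls, the parser reads uninitialised heap bytes past the data actually returned; adding `*buf_len = ret;` after the successful read closes that gap. The four new `close(fd)` blocks would also be easier to keep correct as a single cleanup label, like the `goto out` used in the other hunks of this patch, and their brace-on-its-own-line form differs from the `if (...) {` style visible elsewhere in the patched code. read_ima_xattr continues past the hunk, so whether fd is closed after `parse_ima_xattr()` cannot be confirmed from here.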