diff --git a/digest-list-tools.spec b/digest-list-tools.spec
index da8e6ec..170adaf 100644
--- a/digest-list-tools.spec
+++ b/digest-list-tools.spec
@@ -1,6 +1,6 @@
 name: digest-list-tools
 Version: 0.3.95
-Release: 6
+Release: 7
 Summary: Utilities for IMA Digest Lists extension
 Source0: https://gitee.com/openeuler/%{name}/repository/archive/v%{version}.tar.gz
@@ -13,6 +13,8 @@
 Patch1: fix-digestlist-conf-warning.patch
 Patch2: fix-a-typo-in-kernel_lib.h.patch
 Patch3: fix-duplicated-kernel-parameters.patch
 Patch4: Fix-sm3-algorithm-name.patch
+Patch5: fix-faulty-code.patch
+Patch6: fix-file-resource-leakage-and-memory-leakage.patch
 BuildRequires: autoconf automake libcurl-devel libtool rpm-devel dracut gzip
 BuildRequires: libcap-devel libcmocka-devel libselinux-devel
@@ -124,6 +126,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/%{name}.1.gz
 %changelog
+* Tue Aug 16 2022 shenxiangwei - 0.3.95-7
+- Fix faulty code, file resource leakeage and memory leakage
+
 * Sat Jul 30 2022 luhuaxin - 0.3.95-6
 - Fix sm3 algorithm name
diff --git a/fix-faulty-code.patch b/fix-faulty-code.patch
new file mode 100644
index 0000000..f8fc6cb
--- /dev/null
+++ b/fix-faulty-code.patch
@@ -0,0 +1,82 @@
+From f078f852fa618f9f3a6553ff25eafd21cae0b3c1 Mon Sep 17 00:00:00 2001
+From: shenxiangwei
+Date: Tue, 2 Aug 2022 21:11:44 +0800
+Subject: [PATCH 1/2] fix faulty code
+
+Signed-off-by: shenxiangwei
+---
+ lib/crypto.c | 4 ++--
+ lib/xattr.c | 3 +++
+ parsers/rpm.c | 4 ++--
+ src/rpm_parser.c | 4 ++--
+ 4 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/lib/crypto.c b/lib/crypto.c
+index d81992e..5397feb 100644
+--- a/lib/crypto.c
++++ b/lib/crypto.c
+@@ -314,7 +314,7 @@ static int sign_file(int dirfd, char *filename, char *key_path, char *keypass,
+ memcpy(buf + asn1->size, digest, digest_len);
+
+ sig_len = RSA_private_encrypt(digest_len + asn1->size, buf, sig, k->key,
+- RSA_PKCS1_PADDING);
++ RSA_PKCS1_OAEP_PADDING);
+ if (sig_len < 0) {
+ printf("RSA_private_encrypt() failed: %d\n", sig_len);
+ goto out_buf;
+@@ -403,7 +403,7 @@ static int verify_common(struct list_head *head, int dirfd, char *filename,
+ goto out;
+ }
+
+- ret = RSA_public_decrypt(sig_len, sig, out, k->key, RSA_PKCS1_PADDING);
++ ret = RSA_public_decrypt(sig_len, sig, out, k->key, RSA_PKCS1_OAEP_PADDING);
+ if (ret < 0) {
+ printf("RSA_public_decrypt() failed: %d\n", ret);
+ goto out;
+diff --git a/lib/xattr.c b/lib/xattr.c
+index 2aa9c96..3bfb35c 100644
+--- a/lib/xattr.c
++++ b/lib/xattr.c
+@@ -132,6 +132,9 @@ int read_ima_xattr(int dirfd, char *path, u8 **buf, size_t *buf_len,
+ return -ENODATA;
+
+ *buf_len = ret;
++ if (*buf_len > 65536)
++ return -ENOMEM;
++
+ *buf = malloc(*buf_len);
+ if (!*buf)
+ return -ENOMEM;
+diff --git a/parsers/rpm.c b/parsers/rpm.c
+index e344e30..fc6122e 100644
+--- a/parsers/rpm.c
++++ b/parsers/rpm.c
+@@ -135,8 +135,8 @@ int parser(int fd, struct list_head *head, loff_t buf_size, void *buf,
+
+ for (i = 0; i < digests_count && digests < bufendp; i++) {
+ u16 modifiers = 0;
+- int digest_str_len = strlen(digests);
+- int basename_str_len = strlen(basenames);
++ size_t digest_str_len = strlen(digests);
++ size_t basename_str_len 
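Review bot: Switching both `RSA_private_encrypt()` in sign_file() and `RSA_public_decrypt()` in verify_common() to `RSA_PKCS1_OAEP_PADDING` does not harden anything, it breaks signing and verification outright: OAEP is an encryption-only padding, and OpenSSL's RSA_private_encrypt(3) accepts only RSA_PKCS1_PADDING, RSA_X931_PADDING and RSA_NO_PADDING for these raw signature primitives, returning -1 with RSA_R_UNKNOWN_PADDING_TYPE for anything else, so every call now takes the `failed` branch. The original RSA_PKCS1_PADDING is also the PKCS#1 v1.5 format the kernel's IMA appraisal expects for the security.ima signature (the `memcpy(buf + asn1->size, digest, ...)` just above appears to be building exactly the DigestInfo prefix that v1.5 signs), so even a library that tolerated OAEP here would produce xattrs the kernel rejects. The padding-oracle warning this "faulty code" fix presumably answers applies to RSA_public_encrypt() of secrets, not to signatures; revert both lines to `RSA_PKCS1_PADDING`, or, if the goal is to retire the deprecated RSA_* API, move to `EVP_PKEY_sign()`/`EVP_PKEY_verify()` with `EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING)` and `EVP_PKEY_CTX_set_signature_md()`. Both functions start and end outside the hunk.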
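Review bot: The new `if (*buf_len > 65536) return -ENOMEM;` in read_ima_xattr() hides a kernel constant behind a magic number and reports "value too large" with the same code as an allocation failure; `if (*buf_len > XATTR_SIZE_MAX) return -E2BIG;` (XATTR_SIZE_MAX is 65536 in <linux/limits.h>) says what is meant and lets callers tell the two apart. Since that is the limit the kernel itself enforces on xattr values, fgetxattr() cannot return a larger size on Linux, so the check is defensive rather than a real bound; a one-line comment such as `/* defensive: XATTR_SIZE_MAX is already enforced by the kernel */` would stop the next reader from treating it as a security boundary. The function's prologue and tail are outside the hunk.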
= strlen(basenames);
+ int filecaps_str_len = filecaps ? strlen(filecaps) : 0;
+ char *obj_label;
+ u16 mode = 0;
+diff --git a/src/rpm_parser.c b/src/rpm_parser.c
+index 2cb4219..abb4754 100644
+--- a/src/rpm_parser.c
++++ b/src/rpm_parser.c
+@@ -164,8 +164,8 @@ static int parse_rpm(int fd_ima, int add, char *path, struct stat *st)
+ algo = pgp_algo_mapping[be32_to_cpu(*(u32 *)algo_buf)];
+
+ for (i = 0; i < digests_count && digests < bufendp; i++) {
+- int digest_str_len = strlen(digests);
+- int basename_str_len = strlen(basenames);
++ size_t digest_str_len = strlen(digests);
++ size_t basename_str_len = strlen(basenames);
+ u32 dirindex = 0;
+
+ if ((basenames &&
+--
+2.27.0
+
diff --git a/fix-file-resource-leakage-and-memory-leakage.patch b/fix-file-resource-leakage-and-memory-leakage.patch
new file mode 100644
index 0000000..bcb9359
--- /dev/null
+++ b/fix-file-resource-leakage-and-memory-leakage.patch
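Review bot: In the parse_rpm() hunk `strlen(basenames)` runs unconditionally while the very next statement, `if ((basenames &&`, treats basenames as possibly NULL; if that guard is meaningful the strlen() dereferences NULL before it, and the length should follow the form already used in parser(): `size_t basename_str_len = basenames ? strlen(basenames) : 0;`. The retyping is also inconsistent within parser(), where `int filecaps_str_len = filecaps ? strlen(filecaps) : 0;` keeps its int next to the two siblings that became size_t. Note that any later comparison of these now-unsigned lengths against a signed value (for instance a remaining-bytes count computed from `bufendp - digests`) silently becomes an unsigned comparison, which is a different bug from the one this hunk removes; those uses are past the hunk, so they need checking. Both loop bodies continue outside the hunk.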
@@ -0,0 +1,98 @@
+From 3e08ccc4c5bca26df1c3b7542868cf2a457fa6ec Mon Sep 17 00:00:00 2001
+From: shenxiangwei
+Date: Tue, 16 Aug 2022 08:34:37 +0800
+Subject: [PATCH 2/2] fix file resource leakage and memory leakage
+
+Signed-off-by: shenxiangwei
+---
+ generators/unknown.c | 2 +-
+ lib/xattr.c | 14 ++++++++++++++
+ parsers/rpm.c | 2 +-
+ src/manage_digest_lists.c | 4 ++--
+ 4 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/generators/unknown.c b/generators/unknown.c
+index ad17a23..85f348f 100644
+--- a/generators/unknown.c
++++ b/generators/unknown.c
+@@ -217,7 +217,7 @@ static int add_file(int dirfd, int fd, char *path, u16 type, u16 modifiers,
+ if (!ret)
+ ret = write_check(fd, "\n", 1);
+
+- return ret;
++ goto out;
+ }
+
+ if (!tlv) {
+diff --git a/lib/xattr.c b/lib/xattr.c
+index 3bfb35c..166aa2e 100644
+--- a/lib/xattr.c
++++ b/lib/xattr.c
+@@ -129,19 +129,33 @@ int read_ima_xattr(int dirfd, char *path, u8 **buf, size_t *buf_len,
+
+ ret = fgetxattr(fd, XATTR_NAME_IMA, NULL, 0);
+ if (ret < 0)
++ {
++ close(fd);
+ return -ENODATA;
++ }
+
+ *buf_len = ret;
+ if (*buf_len > 65536)
++ {
++ close(fd);
+ return -ENOMEM;
++ }
+
+ *buf = malloc(*buf_len);
+ if (!*buf)
++ {
++ close(fd);
+ return -ENOMEM;
++ }
+
+ ret = fgetxattr(fd, XATTR_NAME_IMA, *buf, ret);
+ if (ret < 0)
++ {
++ free(*buf);
++ *buf = NULL;
++ close(fd);
+ return -ENODATA;
++ }
+
+ ret = parse_ima_xattr(*buf, *buf_len, keyid, keyid_len, sig, sig_len,
+ algo);
+diff --git a/parsers/rpm.c b/parsers/rpm.c
+index fc6122e..0f165b6 100644
+--- a/parsers/rpm.c
++++ b/parsers/rpm.c
+@@ -272,7 +272,7 @@ int parser(int fd, struct list_head *head, loff_t buf_size, void *buf,
+ }
+
+ if (ret < 0)
+- return ret;
++ goto out;
+ }
+ out:
+ free(dirnames_ptr);
+diff --git a/src/manage_digest_lists.c b/src/manage_digest_lists.c
+index 1dc3a43..0eb4233 100644
+--- a/src/manage_digest_lists.c
++++ b/src/manage_digest_lists.c
+@@ -206,11 +206,11 @@ int main(int argc, char *argv[])
+ if (op == 
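Review bot: The read_ima_xattr() hunk fixes the fd leak by pasting `close(fd)` into four separate error branches (plus `free(*buf)` in one), each wrapped in a brace-on-its-own-line `if (...)\n{` block that does not match the K&R style of the surrounding code (`if (!*buf)` right here, `if (ret < 0) {` elsewhere in the same patch set); the idiom this codebase already uses (see the `goto out_buf` / `goto out` labels in lib/crypto.c) is a single goto cleanup chain, which also makes it harder to miss a path. The success path and the parse_ima_xattr() failure path both lie past the end of the hunk, so it is not visible whether fd is closed and *buf released when parse_ima_xattr() fails — worth confirming while restructuring. A sketch that keeps the existing -ENODATA/-ENOMEM return codes:
```c
	ret = fgetxattr(fd, XATTR_NAME_IMA, NULL, 0);
	if (ret < 0) {
		ret = -ENODATA;
		goto out_close;
	}

	*buf_len = ret;
	if (*buf_len > 65536) {
		ret = -ENOMEM;
		goto out_close;
	}

	*buf = malloc(*buf_len);
	if (!*buf) {
		ret = -ENOMEM;
		goto out_close;
	}

	ret = fgetxattr(fd, XATTR_NAME_IMA, *buf, ret);
	if (ret < 0) {
		ret = -ENODATA;
		goto out_free;
	}

	ret = parse_ima_xattr(*buf, *buf_len, keyid, keyid_len, sig, sig_len,
			      algo);
	/* … unchanged: success path (outside the hunk); it must return before the labels below … */
out_free:
	free(*buf);
	*buf = NULL;
out_close:
	close(fd);
	return ret;
```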
PARSER_OP_GEN_IMA_LIST) {
+ ret = ima_copy_boot_aggregate(fd);
+ if (ret < 0)
+- return ret;
++ goto out_close_fd;
+
+ ret = ima_generate_entry(-1, fd, "", IMA_KEY_PATH);
+ if (ret < 0)
+- return ret;
++ goto out_close_fd;
+ }
+
+ for (i = 0; i < COMPACT__LAST; i++) {
+--
+2.27.0
+