diff --git a/backport-fix-memory-handling-in-slot-refresh.patch b/backport-fix-memory-handling-in-slot-refresh.patch new file mode 100644 index 0000000000000000000000000000000000000000..4f640587c71a0807cf76c86b7662a50c4671a3e9 --- /dev/null +++ b/backport-fix-memory-handling-in-slot-refresh.patch @@ -0,0 +1,94 @@ +From 6c96847f1f52a5ccc76e8f8d14820cc4d6af1ecb Mon Sep 17 00:00:00 2001 +From: Pavol Marko +Date: Fri, 16 Jun 2023 21:04:22 +0000 +Subject: [PATCH] Fix memory handling in slot refresh + +On refreshing slots, there were two issues: +- When reusing a PKCS11_SLOT_PRIVATE structure instance, the instance to + be reused was accidentally freed +- Looking for an instance in the list of slots had bugs in pointer + usage. +--- + src/libp11-int.h | 5 +++-- + src/p11_slot.c | 23 ++++++++++++++++------- + 2 files changed, 19 insertions(+), 9 deletions(-) + +diff --git a/src/libp11-int.h b/src/libp11-int.h +index 2d4c48a..fec334c 100644 +--- a/src/libp11-int.h ++++ b/src/libp11-int.h +@@ -216,8 +216,9 @@ extern unsigned long pkcs11_get_slotid_from_slot(PKCS11_SLOT_private *); + /* Increment slot reference count */ + extern PKCS11_SLOT_private *pkcs11_slot_ref(PKCS11_SLOT_private *slot); + +-/* Decrement slot reference count, free if it becomes zero */ +-extern void pkcs11_slot_unref(PKCS11_SLOT_private *slot); ++/* Decrement slot reference count, free if it becomes zero. ++ * Returns 1 if it was freed. */ ++extern int pkcs11_slot_unref(PKCS11_SLOT_private *slot); + + /* Free the list of slots allocated by PKCS11_enumerate_slots() */ + extern void pkcs11_release_all_slots(PKCS11_SLOT *slots, unsigned int nslots); +diff --git a/src/p11_slot.c b/src/p11_slot.c +index 3c00e22..c2e45b5 100644 +--- a/src/p11_slot.c ++++ b/src/p11_slot.c +@@ -76,9 +76,14 @@ int pkcs11_enumerate_slots(PKCS11_CTX_private *ctx, PKCS11_SLOT **slotp, + for (n = 0; n < nslots; n++) { + PKCS11_SLOT_private *slot = NULL; + for (i = 0; i < *countp; i++) { +- if (PRIVSLOT(slotp[i])->id != slotid[n]) ++ PKCS11_SLOT_private *slot_old_private = ++ PRIVSLOT(&((*slotp)[i])); ++ if (slot_old_private->id != slotid[n]) + continue; +- slot = pkcs11_slot_ref(PRIVSLOT(slotp[i])); ++ /* Increase ref count so it doesn't get freed when ref ++ * count is decremented in pkcs11_release_all_slots ++ * at the end of this function. */ ++ slot = pkcs11_slot_ref(slot_old_private); + break; + } + if (!slot) +@@ -420,10 +425,10 @@ PKCS11_SLOT_private *pkcs11_slot_ref(PKCS11_SLOT_private *slot) + return slot; + } + +-void pkcs11_slot_unref(PKCS11_SLOT_private *slot) ++int pkcs11_slot_unref(PKCS11_SLOT_private *slot) + { + if (pkcs11_atomic_add(&slot->refcnt, -1, &slot->lock) != 0) +- return; ++ return 0; + + pkcs11_wipe_cache(slot); + if (slot->prev_pin) { +@@ -434,6 +439,8 @@ void pkcs11_slot_unref(PKCS11_SLOT_private *slot) + OPENSSL_free(slot->session_pool); + pthread_mutex_destroy(&slot->lock); + pthread_cond_destroy(&slot->cond); ++ ++ return 1; + } + + static int pkcs11_init_slot(PKCS11_CTX_private *ctx, PKCS11_SLOT *slot, PKCS11_SLOT_private *spriv) +@@ -473,11 +480,13 @@ static void pkcs11_release_slot(PKCS11_SLOT *slot) + pkcs11_destroy_token(slot->token); + OPENSSL_free(slot->token); + } +- if (spriv) +- pkcs11_slot_unref(spriv); ++ if (spriv) { ++ if (pkcs11_slot_unref(spriv) != 0) { ++ OPENSSL_free(slot->_private); ++ } ++ } + OPENSSL_free(slot->description); + OPENSSL_free(slot->manufacturer); +- OPENSSL_free(slot->_private); + + memset(slot, 0, sizeof(*slot)); + } +-- +2.43.0 + diff --git a/openssl-pkcs11.spec b/openssl-pkcs11.spec index 7863ab01f48a052d2584b5a92cb15a8d5984b614..17c706ed10050e0c87fb3e651debe2b977ec5cf0 100644 --- a/openssl-pkcs11.spec +++ b/openssl-pkcs11.spec @@ -1,11 +1,13 @@ Name: openssl-pkcs11 Version: 0.4.12 -Release: 2 +Release: 3 Summary: A PKCS#11 engine for use with OpenSSL License: LGPLv2+ and BSD URL: https://github.com/OpenSC/libp11 Source0: https://github.com/OpenSC/libp11/releases/download/libp11-%{version}/libp11-%{version}.tar.gz +PATCH6000: backport-fix-memory-handling-in-slot-refresh.patch + BuildRequires: openssl-devel autoconf automake libtool BuildRequires: softhsm opensc procps-ng p11-kit openssl chrpath @@ -82,6 +84,9 @@ make check ||: %exclude %{_defaultdocdir}/libp11/* %changelog +* Fri Nov 1 Wang Jinchao - 0.4.12-3 +- Fix memory handling in slot refresh + * Mon Feb 13 2023 zhouchenchen123 - 0.4.12-2 - fix obs build issue