Bug 1545991

Summary: Coverity uncovered several issues in pcsc-lite that should be addressed.
Product: Red Hat Enterprise Linux 7 Reporter: Bob Relyea <rrelyea>
Component: pcsc-liteAssignee: Bob Relyea <rrelyea>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.0CC: rpattath, rrelyea, smoroney
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Unspecified   
Whiteboard:
Fixed In Version: pcsc-lite-1.8.8-8.el7 Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 11:35:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bob Relyea 2018-02-16 02:15:04 UTC 
pcsc-lite:

security related:
should use secure_getenv(). 
 11. pcsc-lite-1.8.8/src/sd-daemon.c:98: tainted_data_return: Function "getenv" returns tainted data.
12. pcsc-lite-1.8.8/src/sd-daemon.c:98: var_assign: Assigning: "e" = "getenv", which taints "e".
15. pcsc-lite-1.8.8/src/sd-daemon.c:104: tainted_data_transitive: Call to function "strtoul" with tainted argument "e" returns tainted data.
16. pcsc-lite-1.8.8/src/sd-daemon.c:104: var_assign: Assigning: "l" = "strtoul", which taints "l".
22. pcsc-lite-1.8.8/src/sd-daemon.c:116: tainted_data: Using tainted variable "3 + (int)l" as a loop boundary. 
---------------------------------
Dead code:

csc-lite-1.8.8/src/winscard_svc.c:857: assigned_value: Assigning value "2148532230L" to "retval" here, but that stored value is overwritten before it can be used.
missing return in error path. 
--------------------------------
CPPChecks:

1. pcsc-lite-1.8.8/src/configfile.l:196: error[memleakOnRealloc]: Common realloc mistake: 'reader_list' nulled but not freed upon failure 

---------------------------------
Clang
bugs in error paths

pcsc-lite-1.8.8/src/winscard_clnt.c:3109:9: warning: Potential leak of memory pointed to by 'buf'
pcsc-lite-1.8.8/src/winscard_clnt.c:1580:9: warning: Potential leak of memory pointed to by 'bufAtr'  
pcsc-lite-1.8.8/src/winscard_clnt.c:1552:9: warning: Potential leak of memory pointed to by 'bufReader'
Comment 3 Bob Relyea 2018-06-21 16:53:12 UTC 
fixed in pcsc-lite-1.8.8-8.el7
Comment 5 Roshni 2018-08-01 15:24:17 UTC 
[root@dhcp129-188 ~]# rpm -qi pcsc-lite
Name        : pcsc-lite
Version     : 1.8.8
Release     : 8.el7
Architecture: x86_64
Install Date: Tue 31 Jul 2018 10:05:43 AM EDT
Group       : System Environment/Daemons
Size        : 634433
License     : BSD
Signature   : RSA/SHA256, Thu 21 Jun 2018 01:27:19 PM EDT, Key ID 199e2f91fd431d51
Source RPM  : pcsc-lite-1.8.8-8.el7.src.rpm
Build Date  : Wed 23 May 2018 07:57:21 PM EDT
Build Host  : x86-019.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pcsclite.alioth.debian.org/
Summary     : PC/SC Lite smart card framework and applications
Description :

Coverity scan is successful on the errata for this build.
Comment 9 errata-xmlrpc 2018-10-30 11:35:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3257