Bug 500815
| Summary: | [PEM] fix gcc warnings leading to undefined behavior | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Kamil Dudka <kdudka> | ||||
| Component: | nss | Assignee: | Elio Maldonado Batiz <emaldona> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 10 | CC: | kengert, rcritten | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | 3.12.3.99.3-2.10.4.fc10 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2009-07-19 10:25:42 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 501138 | ||||||
| Attachments: |
|
||||||
While reviewing this patch I noticed that in psession.c make_key creates an MD5Context and doesn't call MD5_DestroyContext to dispose of it. It doesn't clear the buffer first either. I'll log this as a separate memory leak bug. Good catch. In fact I've not tested loading of a private key protected by password with valgrind at all yet. Elio, please append the following one-line patch to your bugfix for psession.c:
diff -ruNp psession.c psession.c
--- psession.c 2009-05-17 21:43:26.148306000 +0200
+++ psession.c 2009-05-17 21:45:30.999391394 +0200
@@ -391,6 +391,7 @@ pem_mdSession_Login
if (rv != SECSuccess)
goto loser;
+ nss_ZFreeIf(output);
return CKR_OK;
loser:
(In reply to comment #3) Kamil, freeing output on success and returning CKR_OK may not be enough. Doesn't the arena need to be freed as well? The pem_DestroyPrivateKey() function should do it for us already. I think this is actually wrong place to discuss psession's memory leaks, we should move to bug 501191. This bug is about gcc warnings. Sorry for starting it here :-) nss-3.12.3.99.3-2.11.3.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/nss-3.12.3.99.3-2.11.3.fc11 nss-3.12.3.99.3-2.11.3.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update nss'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-6948 nss-3.12.3.99.3-2.10.4.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update nss'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-7017 nss-3.12.3.99.3-2.11.3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. nss-3.12.3.99.3-2.10.4.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 343942 [details] proposed patch Description of problem: While building the PEM module I can see a lot of (potentially dangerous) gcc warnings. Version-Release number of selected component (if applicable): nss-3.12.3-7.fc12 Expected results: no gcc warnings Additional info: patch ready