Your coverity link points to file card-entersafe.c (which still has the same "potential issue"). The upstream commit a3fc62f is already in the RHEL7.4 version of OpenSC (we have 0.16.0+ snapshot and this commit is from early 2015 -- it will be missing in previous unsupported version of OpenSC).
Looking closely at the source code, the proposed code path is not possible (in card-entersafe.c), because the sc_file_free() is called only if "r<0" and SC_TEST_RET() is returning for every "r<0". And coverity has some problems with these macros ... sigh ...
Please, clarify what you would like to fix.
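The reasoning in the comment above can be modelled in a few lines of C. This is an added illustration, not OpenSC code: `MODEL_TEST_RET`, `model_file` and the three `select_*` functions are hypothetical stand-ins for `SC_TEST_RET()`, the file object and the select routine, and they contrast the early-return pattern with the `file &&` guard from commit a3fc62f.

```c
#include <stddef.h>

/* Simplified stand-in for SC_TEST_RET() as the comment describes it. */
#define MODEL_TEST_RET(r) do { int _ret = (r); if (_ret < 0) return _ret; } while (0)
#define MODEL_TYPE_DF 1
#define USED_AFTER_FREE (-1000)   /* sentinel reported by this model only */

/* Never really released: a stale read shows up through 'freed', not as UB. */
struct model_file { int type; int freed; };

static void model_file_free(struct model_file *f) { if (f) f->freed = 1; }

/* Reads file->type the way the guarded condition would. */
static int model_is_df(const struct model_file *file, int use_null_guard)
{
    if (use_null_guard && file == NULL)
        return 0;
    if (file->freed)
        return USED_AFTER_FREE;
    return file->type == MODEL_TYPE_DF;
}

/* Pattern from the comment: free only when r < 0, then return for r < 0. */
int select_with_early_return(int r)
{
    struct model_file obj = { MODEL_TYPE_DF, 0 }, *file = &obj;
    if (r < 0) model_file_free(file);
    MODEL_TEST_RET(r);              /* every r < 0 leaves here */
    return model_is_df(file, 0);    /* reached only with a live object */
}

/* Path a scanner assumes when it misses the return: NULL guard only. */
int select_guard_only(int r)
{
    struct model_file obj = { MODEL_TYPE_DF, 0 }, *file = &obj;
    if (r < 0) model_file_free(file);   /* pointer stays non-NULL */
    return model_is_df(file, 1);
}

/* Same path, but the pointer is cleared after the free. */
int select_guard_and_clear(int r)
{
    struct model_file obj = { MODEL_TYPE_DF, 0 }, *file = &obj;
    if (r < 0) {
        model_file_free(file);
        file = NULL;
    }
    return model_is_df(file, 1);
}
```

In the model, a NULL test alone does not stop a stale read; either the early return or clearing the pointer after the free does.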
Comment 3 Huzaifa S. Sidhpurwala
2017-11-06 05:03:33 UTC
(In reply to Jakub Jelen from comment #2)
> Your coverity link points to file card-entersafe.c (which still has the same
> "potential issue"). The upstream commit a3fc62f is already in the RHEL7.4
> version of OpenSC (we have 0.16.0+ snapshot and this commit is from early
> 2015 -- it will be missing in previous unsupported version of OpenSC).
>
The coverity scan uses the latest pkg we have a brew build for, that is:
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=618792
> Looking closely at the source code, the proposed code path is not possible
> (in card-entersafe.c), because the sc_file_free() is called only if "r<0"
> and SC_TEST_RET() is returning for every "r<0". And coverity has some
> problems with these macros ... sigh ...
>
> Please, clarify what you would like to fix.
This is quite possible; in this case, I am going to close this bug as notabug.
Upstream commit a3fc62f79ff867ca2a2c5be24aff1759d3476417 uses the following: - if (file->type == SC_FILE_TYPE_DF) { + if (file && file->type == SC_FILE_TYPE_DF) { in epass2003_select_fid().
Coverity called this an UAF, not sure if it's reachable or even trigger-able, but it would have been nice to have this backported.
http://cov01.lab.eng.brq.redhat.com/covscanhub/task/60217/log/opensc-0.16.0-5.20170227git777e2a3.el7/scan-results.html#def2
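Review bot: the `file &&` test added on the `+` line covers only a NULL `file`; a pointer that was freed but not cleared is still non-NULL, so `file->type` would still be read, and that is the case a use-after-free report describes. If the backport is meant to answer the Coverity finding in epass2003_select_fid(), check that every path that frees `file` before this `if` either returns or sets the pointer to NULL.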