Compare commits
10 Commits
Author | SHA1 | Date |
---|---|---|
Daiki Ueno | d9ce6e80f7 | |
Daiki Ueno | 1df5aabe99 | |
Daiki Ueno | 5271565e94 | |
Daiki Ueno | bc7560ba0b | |
Daiki Ueno | 4fc05b5bd4 | |
Nils Philippsen | 22f18a6fd8 | |
Nils Philippsen | 3c0fdcc0aa | |
Nils Philippsen | 740c206672 | |
Daiki Ueno | 69f8246856 | |
Daiki Ueno | d3b62db6fb |
|
@ -14,3 +14,12 @@
|
|||
/p11-kit-client.service
|
||||
/trust-extract-compat
|
||||
/p11-kit-0.23.12.tar.gz
|
||||
/p11-kit-client.service
|
||||
/trust-extract-compat
|
||||
/p11-kit-0.23.14.tar.gz
|
||||
/p11-kit-client.service
|
||||
/trust-extract-compat
|
||||
/p11-kit-0.23.15.tar.gz
|
||||
/p11-kit-client.service
|
||||
/trust-extract-compat
|
||||
/p11-kit-0.23.16.1.tar.gz
|
||||
|
|
|
@ -1,77 +0,0 @@
|
|||
From 3e68b0054b82eda93b073cc7ad5d20d2158a694c Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <dueno@redhat.com>
|
||||
Date: Mon, 13 Aug 2018 15:23:03 +0200
|
||||
Subject: [PATCH] proxy: Avoid invalid memory access when unloading proxy
|
||||
module
|
||||
|
||||
When loading and unloading p11-kit-proxy.so with pkcs11-tool, it
|
||||
accesses already free'd memory area:
|
||||
|
||||
$ valgrind pkcs11-tool --module p11-kit-proxy.so -L
|
||||
==25173== Invalid read of size 8
|
||||
==25173== at 0x64BF493: p11_proxy_module_cleanup (proxy.c:1724)
|
||||
==25173== by 0x64BD028: _p11_kit_fini (proxy-init.c:65)
|
||||
==25173== by 0x401477C: _dl_close_worker (in /usr/lib64/ld-2.27.so)
|
||||
==25173== by 0x4014E1D: _dl_close (in /usr/lib64/ld-2.27.so)
|
||||
==25173== by 0x5E08C4E: _dl_catch_exception (in /usr/lib64/libc-2.27.so)
|
||||
==25173== by 0x5E08CDE: _dl_catch_error (in /usr/lib64/libc-2.27.so)
|
||||
==25173== by 0x58B1724: _dlerror_run (in /usr/lib64/libdl-2.27.so)
|
||||
==25173== by 0x58B1113: dlclose (in /usr/lib64/libdl-2.27.so)
|
||||
==25173== by 0x11E5A7: ??? (in /usr/bin/pkcs11-tool)
|
||||
==25173== by 0x110023: ??? (in /usr/bin/pkcs11-tool)
|
||||
==25173== by 0x5CF624A: (below main) (in /usr/lib64/libc-2.27.so)
|
||||
==25173== Address 0x61231c8 is 552 bytes inside a block of size 584 free'd
|
||||
==25173== at 0x4C2FDAC: free (vg_replace_malloc.c:530)
|
||||
==25173== by 0x6548492: p11_virtual_unwrap (virtual.c:2902)
|
||||
==25173== by 0x64BF492: p11_proxy_module_cleanup (proxy.c:1723)
|
||||
---
|
||||
p11-kit/proxy.c | 17 ++++-------------
|
||||
1 file changed, 4 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
|
||||
index 31b9bb2..b7fb63d 100644
|
||||
--- a/p11-kit/proxy.c
|
||||
+++ b/p11-kit/proxy.c
|
||||
@@ -1720,8 +1720,8 @@ p11_proxy_module_cleanup (void)
|
||||
|
||||
for (; state != NULL; state = next) {
|
||||
next = state->next;
|
||||
- p11_virtual_unwrap (state->wrapped);
|
||||
p11_kit_modules_release (state->loaded);
|
||||
+ p11_virtual_unwrap (state->wrapped);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1731,16 +1731,6 @@ p11_proxy_module_check (CK_FUNCTION_LIST_PTR module)
|
||||
return (module->C_WaitForSlotEvent == module_C_WaitForSlotEvent);
|
||||
}
|
||||
|
||||
-static void
|
||||
-proxy_module_free (p11_virtual *virt)
|
||||
-{
|
||||
- State *state = (State *)virt;
|
||||
-
|
||||
- p11_virtual_unwrap (state->wrapped);
|
||||
- p11_kit_modules_release (state->loaded);
|
||||
- free (state);
|
||||
-}
|
||||
-
|
||||
CK_RV
|
||||
p11_proxy_module_create (CK_FUNCTION_LIST_PTR *module,
|
||||
CK_FUNCTION_LIST_PTR *modules)
|
||||
@@ -1758,9 +1748,10 @@ p11_proxy_module_create (CK_FUNCTION_LIST_PTR *module,
|
||||
p11_virtual_init (&state->virt, &proxy_functions, state, NULL);
|
||||
state->last_handle = FIRST_HANDLE;
|
||||
state->loaded = modules_dup (modules);
|
||||
- state->wrapped = p11_virtual_wrap (&state->virt, (p11_destroyer)proxy_module_free);
|
||||
+ state->wrapped = p11_virtual_wrap (&state->virt, (p11_destroyer)p11_virtual_uninit);
|
||||
if (state->wrapped == NULL) {
|
||||
- proxy_module_free (&state->virt);
|
||||
+ p11_kit_modules_release (state->loaded);
|
||||
+ free (state);
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
||||
--
|
||||
2.17.1
|
||||
|
35
p11-kit.spec
35
p11-kit.spec
|
@ -1,6 +1,6 @@
|
|||
# This spec file has been automatically updated
|
||||
Version: 0.23.13
|
||||
Release: 3%{?dist}
|
||||
Version: 0.23.16.1
|
||||
Release: 1%{?dist}
|
||||
Name: p11-kit
|
||||
Summary: Library for loading and sharing PKCS#11 modules
|
||||
|
||||
|
@ -8,14 +8,13 @@ License: BSD
|
|||
URL: http://p11-glue.freedesktop.org/p11-kit.html
|
||||
Source0: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.gz
|
||||
Source1: trust-extract-compat
|
||||
Source2: p11-kit-client.service
|
||||
Patch: p11-kit-proxy-cleanup.patch
|
||||
Source2: p11-kit-client.service
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libtasn1-devel >= 2.3
|
||||
BuildRequires: libffi-devel
|
||||
BuildRequires: gtk-doc
|
||||
BuildRequires: systemd-devel
|
||||
BuildRequires: systemd-devel
|
||||
# Work around for https://bugzilla.redhat.com/show_bug.cgi?id=1497147
|
||||
# Remove this once it is fixed
|
||||
BuildRequires: pkgconfig(glib-2.0)
|
||||
|
@ -36,11 +35,11 @@ developing applications that use %{name}.
|
|||
|
||||
|
||||
%package trust
|
||||
Summary: System trust module from %{name}
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Requires(post): %{_sbindir}/update-alternatives
|
||||
Requires(postun): %{_sbindir}/update-alternatives
|
||||
Conflicts: nss < 3.14.3-9
|
||||
Summary: System trust module from %{name}
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Requires(post): %{_sbindir}/update-alternatives
|
||||
Requires(postun): %{_sbindir}/update-alternatives
|
||||
Conflicts: nss < 3.14.3-9
|
||||
|
||||
%description trust
|
||||
The %{name}-trust package contains a system trust PKCS#11 module which
|
||||
|
@ -146,6 +145,22 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu May 23 2019 Daiki Ueno <dueno@redhat.com> - 0.23.16.1-1
|
||||
- Update to upstream 0.23.16.1 release
|
||||
|
||||
* Mon Feb 18 2019 Daiki Ueno <dueno@redhat.com> - 0.23.15-2
|
||||
- trust: Ignore unreadable content in anchors
|
||||
|
||||
* Mon Jan 21 2019 Daiki Ueno <dueno@redhat.com> - 0.23.15-1
|
||||
- Update to upstream 0.23.15 release
|
||||
|
||||
* Fri Jan 11 2019 Nils Philippsen <nils@tiptoe.de> - 0.23.14-2
|
||||
- use spaces instead of tabs consistently
|
||||
- prefer fixed closures to libffi closures (#1656245, patch by Daiki Ueno)
|
||||
|
||||
* Mon Sep 10 2018 Daiki Ueno <dueno@redhat.com> - 0.23.14-1
|
||||
- Update to upstream 0.23.14 release
|
||||
|
||||
* Wed Aug 15 2018 Daiki Ueno <dueno@redhat.com> - 0.23.13-3
|
||||
- Forcibly link with libpthread to avoid regressions (rhbz#1615038)
|
||||
|
||||
|
|
4
sources
4
sources
|
@ -1 +1,3 @@
|
|||
SHA512 (p11-kit-0.23.13.tar.gz) = bdf97867250fec20cf7e813bfe4ecee9d613ee0cf245fe5e97c0bc99446fa61e616756ce2785ae98cfd4fe55276ad6070828e1ef8ad154fac0e741ceb038a9c7
|
||||
SHA512 (p11-kit-client.service) = 0f08618851c6eafb35c630957044fc96324be4d3828cdd2aa9b5d6e1245549197ca5b969d6a2f735c893d73c02e885cdc3205bd43e37f6124ebc6cfa61970d3b
|
||||
SHA512 (trust-extract-compat) = 91210705f9bcf1a13c0de1ca9943e3ac68296bfcb7953fc59241de060247b470b39be6e914dd4d92e38a78d5df0962c83315ad78f8c0eade8e62d884b05fdd42
|
||||
SHA512 (p11-kit-0.23.16.1.tar.gz) = 7d0bbd793b43dba081054b4d022a8dbd1d477a3bd6aced72a641087023cf020f1d898899a08e737880e6c810f924814c62497c5ecb19f8322cde42667426a9a7
|
||||
|
|
Loading…
Reference in New Issue