[opensc] Added fixes for issues in pkcs11-tool

Nikos Mavrogiannopoulos nmav at fedoraproject.org
Fri Feb 28 15:42:58 UTC 2014


commit b79ccf85174bcf448fa04023e9ef251c25e9d08a
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date:   Fri Feb 28 16:28:52 2014 +0100

    Added fixes for issues in pkcs11-tool
    
    Resolves: #1071369, #1071368

 opensc-dlclose.patch      |   26 ++++++++++++++++++
 opensc-out-of-scope.patch |   64 +++++++++++++++++++++++++++++++++++++++++++++
 opensc.spec               |   11 +++++++-
 3 files changed, 100 insertions(+), 1 deletions(-)
---
diff --git a/opensc-dlclose.patch b/opensc-dlclose.patch
new file mode 100644
index 0000000..569910e
--- /dev/null
+++ b/opensc-dlclose.patch
@@ -0,0 +1,26 @@
+From 6d02503e19680a9f3f4e556e4cd99b1c2bbf6d1a Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at redhat.com>
+Date: Fri, 28 Feb 2014 16:17:37 +0100
+Subject: [PATCH] Call dlclose() only when having a valid handle.
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav at redhat.com>
+---
+ src/common/libpkcs11.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/common/libpkcs11.c b/src/common/libpkcs11.c
+index f8c70a7..b22d16d 100644
+--- a/src/common/libpkcs11.c
++++ b/src/common/libpkcs11.c
+@@ -74,7 +74,7 @@ C_UnloadModule(void *module)
+ 	if (!mod || mod->_magic != MAGIC)
+ 		return CKR_ARGUMENTS_BAD;
+ 
+-	if (sc_dlclose(mod->handle) < 0)
++	if (mod->handle != NULL && sc_dlclose(mod->handle) < 0)
+ 		return CKR_FUNCTION_FAILED;
+ 
+ 	memset(mod, 0, sizeof(*mod));
+-- 
+1.8.5.3
+
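Review bot: The early `return CKR_FUNCTION_FAILED;` in C_UnloadModule still skips the `memset` when sc_dlclose() fails, so the struct keeps a valid `_magic` and the same `handle`. A caller that retries the unload would pass that handle to sc_dlclose() a second time. If the code after the `memset` releases `mod` (the function continues outside the hunk), the failure path also leaks it; recording the result and falling through to the cleanup would avoid both. Separately, the new guard deserves a one-line comment such as `/* handle is NULL when the module never loaded */`, which appears to be the case the changelog's "invalid module" crash refers to.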
diff --git a/opensc-out-of-scope.patch b/opensc-out-of-scope.patch
new file mode 100644
index 0000000..42e6cf7
--- /dev/null
+++ b/opensc-out-of-scope.patch
@@ -0,0 +1,64 @@
+diff -ur opensc-0.13.0.orig/src/tools/pkcs11-tool.c opensc-0.13.0/src/tools/pkcs11-tool.c
+--- opensc-0.13.0.orig/src/tools/pkcs11-tool.c	2012-12-04 15:43:40.000000000 +0100
++++ opensc-0.13.0/src/tools/pkcs11-tool.c	2014-02-28 16:33:19.234607615 +0100
+@@ -1778,6 +1778,9 @@
+ 	CK_RV rv;
+ 	int need_to_parse_certdata = 0;
+ 	unsigned char *oid_buf = NULL;
++	CK_OBJECT_CLASS clazz;
++	CK_CERTIFICATE_TYPE cert_type;
++	CK_KEY_TYPE type = CKK_RSA;
+ #ifdef ENABLE_OPENSSL
+ 	struct x509cert_info cert;
+ 	struct rsakey_info rsa;
+@@ -1858,8 +1861,8 @@
+ 	}
+ 
+ 	if (opt_object_class == CKO_CERTIFICATE) {
+-		CK_OBJECT_CLASS clazz = CKO_CERTIFICATE;
+-		CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
++		clazz = CKO_CERTIFICATE;
++		cert_type = CKC_X_509;
+ 
+ 		FILL_ATTR(cert_templ[0], CKA_TOKEN, &_true, sizeof(_true));
+ 		FILL_ATTR(cert_templ[1], CKA_VALUE, contents, contents_len);
+@@ -1892,7 +1895,7 @@
+ 	}
+ 	else
+ 	if (opt_object_class == CKO_PRIVATE_KEY) {
+-		CK_OBJECT_CLASS clazz = CKO_PRIVATE_KEY;
++		clazz = CKO_PRIVATE_KEY;
+ 
+ 		n_privkey_attr = 0;
+ 		FILL_ATTR(privkey_templ[n_privkey_attr], CKA_CLASS, &clazz, sizeof(clazz));
+@@ -1940,7 +1943,7 @@
+ 		}
+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_EC)
+ 		else if (evp_key->type == NID_id_GostR3410_2001)   {
+-			CK_KEY_TYPE type = CKK_GOSTR3410;
++			type = CKK_GOSTR3410;
+ 
+ 			FILL_ATTR(privkey_templ[n_privkey_attr], CKA_KEY_TYPE, &type, sizeof(type));
+ 			n_privkey_attr++;
+@@ -1958,8 +1961,8 @@
+ 	}
+ 	else
+ 	if (opt_object_class == CKO_PUBLIC_KEY) {
+-		CK_OBJECT_CLASS clazz = CKO_PUBLIC_KEY;
+-		CK_KEY_TYPE type = CKK_RSA;
++		clazz = CKO_PUBLIC_KEY;
++		type = CKK_RSA;
+ 
+ 		FILL_ATTR(pubkey_templ[0], CKA_CLASS, &clazz, sizeof(clazz));
+ 		FILL_ATTR(pubkey_templ[1], CKA_KEY_TYPE, &type, sizeof(type));
+@@ -1998,7 +2001,7 @@
+ 	}
+ 	else
+ 	if (opt_object_class == CKO_DATA) {
+-		CK_OBJECT_CLASS clazz = CKO_DATA;
++		clazz = CKO_DATA;
+ 		FILL_ATTR(data_templ[0], CKA_CLASS, &clazz, sizeof(clazz));
+ 		FILL_ATTR(data_templ[1], CKA_TOKEN, &_true, sizeof(_true));
+ 		FILL_ATTR(data_templ[2], CKA_VALUE, &contents, contents_len);
+Only in opensc-0.13.0/src/tools: pkcs11-tool.c~
+Only in opensc-0.13.0/src/tools: pkcs11-tool.c.orig
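Review bot: The hoisted declarations `clazz`, `cert_type` and `type` carry no comment saying why they sit at function scope, so a later tidy-up could move them back into the branches and bring the bug back. FILL_ATTR is passed `&clazz` and `&type`, and the templates are presumably handed to the module only after the branch has closed (that call is outside the hunks), so block-local variables would leave CKA_CLASS and CKA_KEY_TYPE pointing at dead stack slots. I would add above them `/* Templates store pointers to these; keep them live until the object is created. */`. Note also that `type` is now shared by the GOST private-key branch and the public-key branch, so any path that takes `&type` without assigning first relies on the `CKK_RSA` initialiser at the declaration. The two trailing `Only in …` lines are `diff -ur` residue from editor backup files and can be dropped from the patch.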
diff --git a/opensc.spec b/opensc.spec
index ddb084b..b51480a 100644
--- a/opensc.spec
+++ b/opensc.spec
@@ -1,6 +1,6 @@
 Name:           opensc
 Version:        0.13.0
-Release:        11%{?dist}
+Release:        12%{?dist}
 Summary:        Smart card library and applications
 
 Group:          System Environment/Libraries
@@ -13,6 +13,8 @@ Source1:        opensc.module
 Patch0:         0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
 Patch1:		opensc-epass2003.patch
 Patch2:		opensc-myeid.patch
+Patch3:		opensc-out-of-scope.patch
+Patch4:		opensc-dlclose.patch
 
 BuildRequires:  pcsc-lite-devel
 BuildRequires:  readline-devel
@@ -39,6 +41,8 @@ every software/card that does so, too.
 %patch0 -p1 -b .cert_length
 %patch1 -p1 -b .epass2003
 %patch2 -p1 -b .myeid
+%patch3 -p1 -b .out-of-scope
+%patch4 -p1 -b .dlclose
 
 sed -i -e 's|"/lib /usr/lib\b|"/%{_lib} %{_libdir}|' configure # lib64 rpaths
 cp -p src/pkcs15init/README ./README.pkcs15init
@@ -125,6 +129,11 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libsmm-local.so
 
 
 %changelog
+* Fri Feb 28 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.13.0-12
+- Added fix for crash when calling pkcs11-tool with an invalid module (#1071368)
+- Added fix for invalid parameters passed to module by pkcs11-tool
+  when importing a private key (#1071369)
+
 * Fri Jan 31 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.13.0-11
 - Corrected installation path of opensc.module (#1060053)
 

