[opensc/f20] Added fixes for issues in pkcs11-tool
Nikos Mavrogiannopoulos
nmav at fedoraproject.org
Fri Feb 28 15:45:05 UTC 2014
commit 538455aea78e9a9aadb9627920e5c3c732310347
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Fri Feb 28 16:28:52 2014 +0100
Added fixes for issues in pkcs11-tool
Resolves: #1071369, #1071368
opensc-dlclose.patch | 26 ++++++++++++++++++
opensc-out-of-scope.patch | 64 +++++++++++++++++++++++++++++++++++++++++++++
opensc.spec | 11 +++++++-
3 files changed, 100 insertions(+), 1 deletions(-)
---
diff --git a/opensc-dlclose.patch b/opensc-dlclose.patch
new file mode 100644
index 0000000..569910e
--- /dev/null
+++ b/opensc-dlclose.patch
@@ -0,0 +1,26 @@
+From 6d02503e19680a9f3f4e556e4cd99b1c2bbf6d1a Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at redhat.com>
+Date: Fri, 28 Feb 2014 16:17:37 +0100
+Subject: [PATCH] Call dlclose() only when having a valid handle.
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav at redhat.com>
+---
+ src/common/libpkcs11.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/common/libpkcs11.c b/src/common/libpkcs11.c
+index f8c70a7..b22d16d 100644
+--- a/src/common/libpkcs11.c
++++ b/src/common/libpkcs11.c
+@@ -74,7 +74,7 @@ C_UnloadModule(void *module)
+ if (!mod || mod->_magic != MAGIC)
+ return CKR_ARGUMENTS_BAD;
+
+- if (sc_dlclose(mod->handle) < 0)
++ if (mod->handle != NULL && sc_dlclose(mod->handle) < 0)
+ return CKR_FUNCTION_FAILED;
+
+ memset(mod, 0, sizeof(*mod));
+--
+1.8.5.3
+
diff --git a/opensc-out-of-scope.patch b/opensc-out-of-scope.patch
new file mode 100644
index 0000000..42e6cf7
--- /dev/null
+++ b/opensc-out-of-scope.patch
@@ -0,0 +1,64 @@
+diff -ur opensc-0.13.0.orig/src/tools/pkcs11-tool.c opensc-0.13.0/src/tools/pkcs11-tool.c
+--- opensc-0.13.0.orig/src/tools/pkcs11-tool.c 2012-12-04 15:43:40.000000000 +0100
++++ opensc-0.13.0/src/tools/pkcs11-tool.c 2014-02-28 16:33:19.234607615 +0100
+@@ -1778,6 +1778,9 @@
+ CK_RV rv;
+ int need_to_parse_certdata = 0;
+ unsigned char *oid_buf = NULL;
++ CK_OBJECT_CLASS clazz;
++ CK_CERTIFICATE_TYPE cert_type;
++ CK_KEY_TYPE type = CKK_RSA;
+ #ifdef ENABLE_OPENSSL
+ struct x509cert_info cert;
+ struct rsakey_info rsa;
+@@ -1858,8 +1861,8 @@
+ }
+
+ if (opt_object_class == CKO_CERTIFICATE) {
+- CK_OBJECT_CLASS clazz = CKO_CERTIFICATE;
+- CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
++ clazz = CKO_CERTIFICATE;
++ cert_type = CKC_X_509;
+
+ FILL_ATTR(cert_templ[0], CKA_TOKEN, &_true, sizeof(_true));
+ FILL_ATTR(cert_templ[1], CKA_VALUE, contents, contents_len);
+@@ -1892,7 +1895,7 @@
+ }
+ else
+ if (opt_object_class == CKO_PRIVATE_KEY) {
+- CK_OBJECT_CLASS clazz = CKO_PRIVATE_KEY;
++ clazz = CKO_PRIVATE_KEY;
+
+ n_privkey_attr = 0;
+ FILL_ATTR(privkey_templ[n_privkey_attr], CKA_CLASS, &clazz, sizeof(clazz));
+@@ -1940,7 +1943,7 @@
+ }
+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_EC)
+ else if (evp_key->type == NID_id_GostR3410_2001) {
+- CK_KEY_TYPE type = CKK_GOSTR3410;
++ type = CKK_GOSTR3410;
+
+ FILL_ATTR(privkey_templ[n_privkey_attr], CKA_KEY_TYPE, &type, sizeof(type));
+ n_privkey_attr++;
+@@ -1958,8 +1961,8 @@
+ }
+ else
+ if (opt_object_class == CKO_PUBLIC_KEY) {
+- CK_OBJECT_CLASS clazz = CKO_PUBLIC_KEY;
+- CK_KEY_TYPE type = CKK_RSA;
++ clazz = CKO_PUBLIC_KEY;
++ type = CKK_RSA;
+
+ FILL_ATTR(pubkey_templ[0], CKA_CLASS, &clazz, sizeof(clazz));
+ FILL_ATTR(pubkey_templ[1], CKA_KEY_TYPE, &type, sizeof(type));
+@@ -1998,7 +2001,7 @@
+ }
+ else
+ if (opt_object_class == CKO_DATA) {
+- CK_OBJECT_CLASS clazz = CKO_DATA;
++ clazz = CKO_DATA;
+ FILL_ATTR(data_templ[0], CKA_CLASS, &clazz, sizeof(clazz));
+ FILL_ATTR(data_templ[1], CKA_TOKEN, &_true, sizeof(_true));
+ FILL_ATTR(data_templ[2], CKA_VALUE, &contents, contents_len);
+Only in opensc-0.13.0/src/tools: pkcs11-tool.c~
+Only in opensc-0.13.0/src/tools: pkcs11-tool.c.orig
diff --git a/opensc.spec b/opensc.spec
index ddb084b..b51480a 100644
--- a/opensc.spec
+++ b/opensc.spec
@@ -1,6 +1,6 @@
Name: opensc
Version: 0.13.0
-Release: 11%{?dist}
+Release: 12%{?dist}
Summary: Smart card library and applications
Group: System Environment/Libraries
@@ -13,6 +13,8 @@ Source1: opensc.module
Patch0: 0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
Patch1: opensc-epass2003.patch
Patch2: opensc-myeid.patch
+Patch3: opensc-out-of-scope.patch
+Patch4: opensc-dlclose.patch
BuildRequires: pcsc-lite-devel
BuildRequires: readline-devel
@@ -39,6 +41,8 @@ every software/card that does so, too.
%patch0 -p1 -b .cert_length
%patch1 -p1 -b .epass2003
%patch2 -p1 -b .myeid
+%patch3 -p1 -b .out-of-scope
+%patch4 -p1 -b .dlclose
sed -i -e 's|"/lib /usr/lib\b|"/%{_lib} %{_libdir}|' configure # lib64 rpaths
cp -p src/pkcs15init/README ./README.pkcs15init
@@ -125,6 +129,11 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libsmm-local.so
%changelog
+* Fri Feb 28 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.13.0-12
+- Added fix for crash when calling pkcs11-tool with an invalid module (#1071368)
+- Added fix for invalid parameters passed to module by pkcs11-tool
+ when importing a private key (#1071369)
+
* Fri Jan 31 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.13.0-11
- Corrected installation path of opensc.module (#1060053)
More information about the scm-commits
mailing list