From 83aeff5d29a55fdec877eb796b56c2efae70dfcf Mon Sep 17 00:00:00 2001 From: Vojtech Trefny Date: Nov 28 2022 13:52:09 +0000 Subject: Fix double free in write_escrow_data_file Resolves: rhbz#2143226 --- diff --git a/0004-Fix-double-free-in-write_escrow_data_file.patch b/0004-Fix-double-free-in-write_escrow_data_file.patch new file mode 100644 index 0000000..4a5ee67 --- /dev/null +++ b/0004-Fix-double-free-in-write_escrow_data_file.patch @@ -0,0 +1,59 @@ +From 7a0e344d0642f76992c943158621d8ee7e5caea3 Mon Sep 17 00:00:00 2001 +From: Vojtech Trefny +Date: Tue, 15 Nov 2022 13:21:25 +0100 +Subject: [PATCH 1/2] crypto: Fix GError overwrite from libvolume_key + +--- + src/plugins/crypto.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/plugins/crypto.c b/src/plugins/crypto.c +index 35c38410..9064c8e3 100644 +--- a/src/plugins/crypto.c ++++ b/src/plugins/crypto.c +@@ -2552,13 +2552,14 @@ static gboolean write_escrow_data_file (struct libvk_volume *volume, struct libv + GIOChannel *out_file = NULL; + GIOStatus status = G_IO_STATUS_ERROR; + gsize bytes_written = 0; ++ GError *l_error = NULL; + + packet_data = libvk_volume_create_packet_asymmetric_with_format (volume, &packet_data_size, secret_type, cert, +- ui, LIBVK_PACKET_FORMAT_ASYMMETRIC_WRAP_SECRET_ONLY, error); +- ++ ui, LIBVK_PACKET_FORMAT_ASYMMETRIC_WRAP_SECRET_ONLY, &l_error); + if (!packet_data) { + g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_ESCROW_FAILED, +- "Failed to get escrow data"); ++ "Failed to get escrow data: %s", l_error->message); ++ g_clear_error (&l_error); + libvk_volume_free (volume); + return FALSE; + } +-- +2.38.1 + + +From 25bf34c4c03e37eb3782dfccf459b9a3f795ddb3 Mon Sep 17 00:00:00 2001 +From: Vojtech Trefny +Date: Wed, 16 Nov 2022 10:26:06 +0100 +Subject: [PATCH 2/2] crypto: Fix double free in write_escrow_data_file + +--- + src/plugins/crypto.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/plugins/crypto.c b/src/plugins/crypto.c +index 9064c8e3..2086209e 100644 +--- a/src/plugins/crypto.c ++++ b/src/plugins/crypto.c +@@ -2560,7 +2560,6 @@ static gboolean write_escrow_data_file (struct libvk_volume *volume, struct libv + g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_ESCROW_FAILED, + "Failed to get escrow data: %s", l_error->message); + g_clear_error (&l_error); +- libvk_volume_free (volume); + return FALSE; + } + +-- +2.38.1 + diff --git a/libblockdev.spec b/libblockdev.spec index ee60bcd..6cb1c03 100644 --- a/libblockdev.spec +++ b/libblockdev.spec @@ -129,7 +129,7 @@ Name: libblockdev Version: 2.28 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A library for low-level manipulation with block devices License: LGPLv2+ URL: https://github.com/storaged-project/libblockdev @@ -138,6 +138,7 @@ Patch0: libblockdev-gcc11.patch Patch1: 0001-lvm-devices-file-support.patch Patch2: 0002-Add-support-for-creating-and-activating-integrity-de.patch Patch3: 0003-NVMe-plugin-backport.patch +Patch4: 0004-Fix-double-free-in-write_escrow_data_file.patch BuildRequires: make BuildRequires: glib2-devel @@ -722,6 +723,7 @@ A meta-package that pulls all the libblockdev plugins as dependencies. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build autoreconf -ivf @@ -1040,6 +1042,10 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm} %files plugins-all %changelog +* Mon Nov 28 2022 Vojtech Trefny - 2.28-3 +- Fix double free in write_escrow_data_file + Resolves: rhbz#2143226 + * Thu Sep 22 2022 Vojtech Trefny - 2.28-2 - NVMe plugin backport Resolves: rhbz#2123338