> diff -urp trousers-0.3.9.orig/src/tcs/tcs_aik.c
> trousers-0.3.9/src/tcs/tcs_aik.c
> --- trousers-0.3.9.orig/src/tcs/tcs_aik.c 2011-05-04 10:33:11.000000000
> -0400
> +++ trousers-0.3.9/src/tcs/tcs_aik.c 2012-06-22 11:53:07.501720558 -0400
> @@ -114,6 +114,7 @@ get_credential(UINT32 type, UINT32 *size
>
> if ((rc = fstat(fd, &stat_buf)) == -1) {
> LogError("Error stating credential: %s: %s", path,
> strerror(errno));
> + close(fd);
> goto done;
> }
>
> diff -urp trousers-0.3.9.orig/src/tcs/tcs_evlog_biosem.c
> trousers-0.3.9/src/tcs/tcs_evlog_biosem.c
> --- trousers-0.3.9.orig/src/tcs/tcs_evlog_biosem.c 2011-05-04
> 10:33:11.000000000 -0400
> +++ trousers-0.3.9/src/tcs/tcs_evlog_biosem.c 2012-06-22 12:02:59.190735091
> -0400
> @@ -125,7 +125,7 @@ bios_get_entries_by_pcr(FILE *handle, UI
> event->eventDataSize, 1,
> handle)) <= 0) {
> LogError("read from event
> source failed: %s",
> strerror(errno));
> - return result;
> + goto free_list;
> }
> } else {
> cur->event.rgbEvent = NULL;
> diff -urp trousers-0.3.9.orig/src/tcs/tcs_evlog_imaem.c
> trousers-0.3.9/src/tcs/tcs_evlog_imaem.c
> --- trousers-0.3.9.orig/src/tcs/tcs_evlog_imaem.c 2011-05-04
> 10:33:11.000000000 -0400
> +++ trousers-0.3.9/src/tcs/tcs_evlog_imaem.c 2012-06-22 12:06:57.078740934
> -0400
> @@ -80,14 +80,19 @@ ima_get_entries_by_pcr(FILE *handle, UIN
> char page[IMA_READ_SIZE];
> int error_path = 1, ptr = 0;
> UINT32 copied_events = 0, i;
> - struct event_wrapper *list = calloc(1, sizeof(struct event_wrapper));
> + struct event_wrapper *list;
> struct event_wrapper *cur = list;
> TSS_RESULT result = TCSERR(TSS_E_INTERNAL_ERROR);
> FILE *fp = (FILE *) handle;
> uint len;
> char name[255];
>
> - if (list == NULL) {
> + if (!fp) {
> + perror("unable to open file\n");
> + return 1;
> + }
> +
> + if ((list = calloc(1, sizeof(struct event_wrapper))) == NULL) {
> LogError("malloc of %zd bytes failed.", sizeof(struct
> event_wrapper));
> return TCSERR(TSS_E_OUTOFMEMORY);
> }
> @@ -97,10 +102,6 @@ ima_get_entries_by_pcr(FILE *handle, UIN
> goto free_list;
> }
>
> - if (!fp) {
> - perror("unable to open file\n");
> - return 1;
> - }
> rewind(fp);
>
> while (fread(page, 24, 1, fp)) {
The hunk above shouldn't be necessary. I'm guessing that the static
analysis tool was fooled by the fact that we get here through a
function pointer, but the fp arg is always checked prior to getting in
here. This hunk also breaks the code where cur = list. I'll leave
this hunk out.
> diff -urp trousers-0.3.9.orig/src/tcsd/tcsd_conf.c
> trousers-0.3.9/src/tcsd/tcsd_conf.c
> --- trousers-0.3.9.orig/src/tcsd/tcsd_conf.c 2011-07-06 12:24:21.000000000
> -0400
> +++ trousers-0.3.9/src/tcsd/tcsd_conf.c 2012-06-22 11:46:38.155710997 -0400
> @@ -107,6 +107,7 @@ platform_class_list_append(struct tcsd_c
> new_class->classURI = malloc(new_class->classURISize);
> if (new_class->classURI == NULL) {
> LogError("malloc of %u bytes failed",
> new_class->classURISize);
> + free(new_class);
> return TCSERR(TSS_E_OUTOFMEMORY);
> }
> memcpy(new_class->classURI,
> tcg_platform_specs[i].specURI,
> diff -urp trousers-0.3.9.orig/src/trspi/trousers.c
> trousers-0.3.9/src/trspi/trousers.c
> --- trousers-0.3.9.orig/src/trspi/trousers.c 2012-05-30 11:10:51.000000000
> -0400
> +++ trousers-0.3.9/src/trspi/trousers.c 2012-06-22 11:58:35.456728614 -0400
> @@ -1624,6 +1624,7 @@ Trspi_UNICODE_To_Native(BYTE *string, un
>
> if ((tmplen = hacky_strlen("UTF-16", string)) == 0) {
> LogDebug("hacky_strlen returned 0");
> + iconv_close(cd);
> return 0;
> }
>
> diff -urp trousers-0.3.9.orig/src/tspi/ssl_ui.c
> trousers-0.3.9/src/tspi/ssl_ui.c
> --- trousers-0.3.9.orig/src/tspi/ssl_ui.c 2012-01-03 17:15:43.000000000
> -0500
> +++ trousers-0.3.9/src/tspi/ssl_ui.c 2012-06-22 11:45:34.450709434 -0400
> @@ -51,6 +51,7 @@ static TSS_RESULT do_ui(BYTE *string, UI
> unicode = Trspi_Native_To_UNICODE((BYTE *)pin_buf, string_len);
> memset(string, 0, UI_MAX_SECRET_STRING_LENGTH);
> memcpy(string, unicode, *string_len);
> + free(unicode);
> out:
> UI_free(ui);
> no_ui:
> diff -urp trousers-0.3.9.orig/src/tspi/tsp_delegate.c
> trousers-0.3.9/src/tspi/tsp_delegate.c
> --- trousers-0.3.9.orig/src/tspi/tsp_delegate.c 2011-05-04 10:33:11.000000000
> -0400
> +++ trousers-0.3.9/src/tspi/tsp_delegate.c 2012-06-22 11:56:22.487725352
> -0400
> @@ -136,6 +136,7 @@ create_owner_delegation(TSS_HTPM h
> if ((result = authsess_xsap_init(hContext, hTpm, hDelegation,
> TSS_AUTH_POLICY_NOT_REQUIRED,
>
> TPM_ORD_Delegate_CreateOwnerDelegation, TPM_ET_OWNER,
> &xsap)))
> + free(publicInfo);
> return result;
>
> result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
> @@ -223,6 +224,7 @@ create_key_delegation(TSS_HKEY hKe
> if ((result = authsess_xsap_init(hContext, hKey, hDelegation,
> TSS_AUTH_POLICY_REQUIRED,
>
> TPM_ORD_Delegate_CreateKeyDelegation, TPM_ET_KEYHANDLE,
> &xsap)))
> + free(publicInfo);
> return result;
>
> result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
Missing braces around this addition. I'll add them to this hunk and
commit the rest as-is.
Thanks,
Kent
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> TrouSerS-tech mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-tech
--
IBM LTC Security
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
TrouSerS-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-tech
