!42 Fix faulty code, file resource leakage and memory leakage

From: @godvi 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee

digest-list-tools.spec

@@ -1,16 +1,20 @@
 name:           digest-list-tools
-Version:        0.3.94
-Release:        3
+Version:        0.3.95
+Release:        5
 Summary:        Utilities for IMA Digest Lists extension
 
 Source0:        https://gitee.com/openeuler/%{name}/repository/archive/v%{version}.tar.gz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-License:        GPL-2.0
+License:        GPLv2+
 Url:            https://gitee.com/openeuler/digest-list-tools
-Patch0:         fix-invalid-format-in-i686.patch
+
+Patch0:         fix-multiple-definition-of-pgp_algo_mapping.patch
+Patch1:         fix-digestlist-conf-warning.patch
+Patch2: 	fix-faulty-code.patch
+Patch3: 	fix-file-resource-leakage-and-memory-leakage.patch
 
 BuildRequires:  autoconf automake libcurl-devel libtool rpm-devel dracut gzip
-BuildRequires:  libcap-devel libcmocka-devel
+BuildRequires:  libcap-devel libcmocka-devel libselinux-devel
 
 %if 0%{?suse_version}
 BuildRequires:  libopenssl-devel glibc-devel-static
@@ -23,6 +27,16 @@ BuildRequires:  keyutils-libs-devel glibc-static
 %description
 This package includes the tools for configure the IMA Digest Lists extension.
 
+%package devel
+Summary:        The devel package for %{name}
+Requires:       %{name} = %{version}-%{release}
+Provides:       %{name}-static = %{version}-%{release}
+Provides:       %{name}-headers = %{version}-%{release}
+
+%description devel
+The %{name}-devel package contains the header files necessary for developing
+related programs.
+
 %prep
 %autosetup -n %{name}-%{version} -p1
 
@@ -36,6 +50,8 @@ make check
 rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/ima/digest_lists
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/ima/digest_lists.tlv
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/ima/digest_lists.sig
 mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man1
 
 %post
@@ -53,9 +69,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/dracut.conf.d/digestlist.conf
 %dir %{_sysconfdir}/ima
 %dir %{_sysconfdir}/ima/digest_lists
+%dir %{_sysconfdir}/ima/digest_lists.tlv
+%dir %{_sysconfdir}/ima/digest_lists.sig
 %{_bindir}/gen_digest_lists
 %{_bindir}/setup_ima_digest_lists
 %{_bindir}/setup_ima_digest_lists_demo
+%{_bindir}/setup_grub2
 %{_bindir}/manage_digest_lists
 %{_bindir}/upload_digest_lists
 %{_bindir}/verify_digest_lists
@@ -74,12 +93,15 @@ rm -rf $RPM_BUILD_ROOT
 %{_prefix}/lib/dracut/modules.d/98digestlist/module-setup.sh
 %{_prefix}/lib/dracut/modules.d/98digestlist/upload_meta_digest_lists.sh
 %{_prefix}/lib/dracut/modules.d/98digestlist/load_digest_lists.sh
+
+%files devel
+%defattr(-,root,root,-)
+%dir %{_includedir}/digestlist
+%{_includedir}/digestlist/*.h
 %exclude /usr/lib64/digestlist/*.a
 %exclude /usr/lib64/digestlist/*.la
 %exclude /usr/lib64/libdigestlist-base.a
 %exclude /usr/lib64/libdigestlist-base.la
-%dir %{_includedir}/digestlist
-%{_includedir}/digestlist/*.h
 
 %doc
 %dir /usr/share/digest-list-tools
@@ -101,6 +123,23 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/%{name}.1.gz
 
 %changelog
+* Tue Aug 17 2022 shenxiangwei <shenxaingwei1@huawei.com> - 0.3.95-5
+- Fix faulty code, file resource leakage and memory leakage
+
+* Tue Aug 24 2021 Anakin Zhang <zhangtianxing3@huawei.com> - 0.3.95-4
+- Fix warning in digestlist.conf
+
+* Mon Aug 2 2021 Anakin Zhang <zhangtianxing3@huawei.com> - 0.3.95-3
+- Fix multiple definition of pgp_algo_mapping
+
+* Tue Mar 30 2021 Anakin Zhang <zhangtianxing3@huawei.com> - 0.3.95-2
+- Add devel subpackage
+
+* Tue Feb 16 2021 Roberto Sassu <roberto.sassu@huawei.com> - 0.3.95-1
+- Add support for PGP keys
+- Add setup_grub2 script
+- Bug fixes
+
 * Mon Sep 14 2020 Anakin Zhang <benjamin93@163.com> - 0.3.94-3
 - fix Source0 and Summary in spec
 

fix-digestlist-conf-warning.patch

@@ -0,0 +1,22 @@
+From 00187d4b8e54bc5b40e64ab16aaf5fb9dfbcdf43 Mon Sep 17 00:00:00 2001
+From: Anakin Zhang <benjamin93@163.com>
+Date: Tue, 24 Aug 2021 15:18:24 +0800
+Subject: [PATCH] fix digestlist.conf warning
+
+Signed-off-by: Anakin Zhang <benjamin93@163.com>
+---
+ initrd/dracut/digestlist.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/initrd/dracut/digestlist.conf b/initrd/dracut/digestlist.conf
+index 1c9ddff..f58c08d 100644
+--- a/initrd/dracut/digestlist.conf
++++ b/initrd/dracut/digestlist.conf
+@@ -1,3 +1,3 @@
+ do_strip=no
+-add_dracutmodules+=" digestlist"
++add_dracutmodules+=" digestlist "
+ file_metadata_opt="-e xattr"
+-- 
+2.23.0.windows.1
+

fix-faulty-code.patch

@@ -0,0 +1,82 @@
+From f078f852fa618f9f3a6553ff25eafd21cae0b3c1 Mon Sep 17 00:00:00 2001
+From: shenxiangwei <shenxiangwei1@huawei.com>
+Date: Tue, 2 Aug 2022 21:11:44 +0800
+Subject: [PATCH 1/2] fix faulty code
+
+Signed-off-by: shenxiangwei <shenxiangwei1@huawei.com>
+---
+ lib/crypto.c     | 4 ++--
+ lib/xattr.c      | 3 +++
+ parsers/rpm.c    | 4 ++--
+ src/rpm_parser.c | 4 ++--
+ 4 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/lib/crypto.c b/lib/crypto.c
+index d81992e..5397feb 100644
+--- a/lib/crypto.c
++++ b/lib/crypto.c
+@@ -314,7 +314,7 @@ static int sign_file(int dirfd, char *filename, char *key_path, char *keypass,
+ 	memcpy(buf + asn1->size, digest, digest_len);
+ 
+ 	sig_len = RSA_private_encrypt(digest_len + asn1->size, buf, sig, k->key,
+-				      RSA_PKCS1_PADDING);
++				      RSA_PKCS1_OAEP_PADDING);
+ 	if (sig_len < 0) {
+ 		printf("RSA_private_encrypt() failed: %d\n", sig_len);
+ 		goto out_buf;
+@@ -403,7 +403,7 @@ static int verify_common(struct list_head *head, int dirfd, char *filename,
+ 		goto out;
+ 	}
+ 
+-	ret = RSA_public_decrypt(sig_len, sig, out, k->key, RSA_PKCS1_PADDING);
++	ret = RSA_public_decrypt(sig_len, sig, out, k->key, RSA_PKCS1_OAEP_PADDING);
+ 	if (ret < 0) {
+ 		printf("RSA_public_decrypt() failed: %d\n", ret);
+ 		goto out;
+diff --git a/lib/xattr.c b/lib/xattr.c
+index 2aa9c96..3bfb35c 100644
+--- a/lib/xattr.c
++++ b/lib/xattr.c
+@@ -132,6 +132,9 @@ int read_ima_xattr(int dirfd, char *path, u8 **buf, size_t *buf_len,
+ 		return -ENODATA;
+ 
+ 	*buf_len = ret;
++	if (*buf_len > 65536)
++		return -ENOMEM;
++
+ 	*buf = malloc(*buf_len);
+ 	if (!*buf)
+ 		return -ENOMEM;
+diff --git a/parsers/rpm.c b/parsers/rpm.c
+index e344e30..fc6122e 100644
+--- a/parsers/rpm.c
++++ b/parsers/rpm.c
+@@ -135,8 +135,8 @@ int parser(int fd, struct list_head *head, loff_t buf_size, void *buf,
+ 
+ 	for (i = 0; i < digests_count && digests < bufendp; i++) {
+ 		u16 modifiers = 0;
+-		int digest_str_len = strlen(digests);
+-		int basename_str_len = strlen(basenames);
++		size_t digest_str_len = strlen(digests);
++		size_t basename_str_len = strlen(basenames);
+ 		int filecaps_str_len = filecaps ? strlen(filecaps) : 0;
+ 		char *obj_label;
+ 		u16 mode = 0;
+diff --git a/src/rpm_parser.c b/src/rpm_parser.c
+index 2cb4219..abb4754 100644
+--- a/src/rpm_parser.c
++++ b/src/rpm_parser.c
+@@ -164,8 +164,8 @@ static int parse_rpm(int fd_ima, int add, char *path, struct stat *st)
+ 		algo = pgp_algo_mapping[be32_to_cpu(*(u32 *)algo_buf)];
+ 
+ 	for (i = 0; i < digests_count && digests < bufendp; i++) {
+-		int digest_str_len = strlen(digests);
+-		int basename_str_len = strlen(basenames);
++		size_t digest_str_len = strlen(digests);
++		size_t basename_str_len = strlen(basenames);
+ 		u32 dirindex = 0;
+ 
+ 		if ((basenames &&
+-- 
+2.27.0
+

fix-file-resource-leakage-and-memory-leakage.patch

@@ -0,0 +1,98 @@
+From 3e08ccc4c5bca26df1c3b7542868cf2a457fa6ec Mon Sep 17 00:00:00 2001
+From: shenxiangwei <shenxiangwei1@huawei.com>
+Date: Tue, 16 Aug 2022 08:34:37 +0800
+Subject: [PATCH 2/2] fix file resource leakage and memory leakage
+
+Signed-off-by: shenxiangwei <shenxiangwei1@huawei.com>
+---
+ generators/unknown.c      |  2 +-
+ lib/xattr.c               | 14 ++++++++++++++
+ parsers/rpm.c             |  2 +-
+ src/manage_digest_lists.c |  4 ++--
+ 4 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/generators/unknown.c b/generators/unknown.c
+index ad17a23..85f348f 100644
+--- a/generators/unknown.c
++++ b/generators/unknown.c
+@@ -217,7 +217,7 @@ static int add_file(int dirfd, int fd, char *path, u16 type, u16 modifiers,
+ 		if (!ret)
+ 			ret = write_check(fd, "\n", 1);
+ 
+-		return ret;
++		goto out;
+ 	}
+ 
+ 	if (!tlv) {
+diff --git a/lib/xattr.c b/lib/xattr.c
+index 3bfb35c..166aa2e 100644
+--- a/lib/xattr.c
++++ b/lib/xattr.c
+@@ -129,19 +129,33 @@ int read_ima_xattr(int dirfd, char *path, u8 **buf, size_t *buf_len,
+ 
+ 	ret = fgetxattr(fd, XATTR_NAME_IMA, NULL, 0);
+ 	if (ret < 0)
++	{
++		close(fd);
+ 		return -ENODATA;
++	}
+ 
+ 	*buf_len = ret;
+ 	if (*buf_len > 65536)
++	{
++		close(fd);
+ 		return -ENOMEM;
++	}
+ 
+ 	*buf = malloc(*buf_len);
+ 	if (!*buf)
++	{
++		close(fd);
+ 		return -ENOMEM;
++	}
+ 
+ 	ret = fgetxattr(fd, XATTR_NAME_IMA, *buf, ret);
+ 	if (ret < 0)
++	{
++		free(*buf);
++		*buf = NULL;
++		close(fd);
+ 		return -ENODATA;
++	}
+ 
+ 	ret = parse_ima_xattr(*buf, *buf_len, keyid, keyid_len, sig, sig_len,
+ 			      algo);
+diff --git a/parsers/rpm.c b/parsers/rpm.c
+index fc6122e..0f165b6 100644
+--- a/parsers/rpm.c
++++ b/parsers/rpm.c
+@@ -272,7 +272,7 @@ int parser(int fd, struct list_head *head, loff_t buf_size, void *buf,
+ 		}
+ 
+ 		if (ret < 0)
+-			return ret;
++			goto out;
+ 	}
+ out:
+ 	free(dirnames_ptr);
+diff --git a/src/manage_digest_lists.c b/src/manage_digest_lists.c
+index 1dc3a43..0eb4233 100644
+--- a/src/manage_digest_lists.c
++++ b/src/manage_digest_lists.c
+@@ -206,11 +206,11 @@ int main(int argc, char *argv[])
+ 	if (op == PARSER_OP_GEN_IMA_LIST) {
+ 		ret = ima_copy_boot_aggregate(fd);
+ 		if (ret < 0)
+-			return ret;
++			goto out_close_fd;
+ 
+ 		ret = ima_generate_entry(-1, fd, "", IMA_KEY_PATH);
+ 		if (ret < 0)
+-			return ret;
++			goto out_close_fd;
+ 	}
+ 
+ 	for (i = 0; i < COMPACT__LAST; i++) {
+-- 
+2.27.0
+

fix-invalid-format-in-i686.patch

@@ -1,33 +0,0 @@
-From cb64bc8e5c15dabc5c912e4621a54338716fb297 Mon Sep 17 00:00:00 2001
-From: Anakin Zhang <benjamin93@163.com>
-Date: Thu, 10 Sep 2020 11:56:04 +0800
-Subject: [PATCH] fix invalid format in i686
-
-Signed-off-by: Anakin Zhang <benjamin93@163.com>
----
- lib/compact_list.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/lib/compact_list.c b/lib/compact_list.c
-index dea6e9b..44cbd89 100644
---- a/lib/compact_list.c
-+++ b/lib/compact_list.c
-@@ -15,6 +15,7 @@
- #define _GNU_SOURCE
- #include <errno.h>
- #include <unistd.h>
-+#include <inttypes.h>
- #include <dirent.h>
- #include <keyutils.h>
- #include <sys/mman.h>
-@@ -339,7 +340,7 @@ void compact_list_tlv_dump_items(struct _tlv_item **items)
- 		case ID_FSMAGIC:
- 			u64_value = *(u64 *)items[i]->data;
- 			u64_value = le64_to_cpu(u64_value);
--			printf("%lu", u64_value);
-+			printf("%" PRIu64 "", u64_value);
- 			break;
- 		default:
- 			break;
--- 
-2.23.0

fix-multiple-definition-of-pgp_algo_mapping.patch

@@ -0,0 +1,26 @@
+From e5c1f8066959b5ed3ca7bca3acb4a59cb3e3cd16 Mon Sep 17 00:00:00 2001
+From: Zhang Tianxing <zhangtianxing3@huawei.com>
+Date: Tue, 3 Aug 2021 00:32:46 +0800
+Subject: [PATCH] fix multiple definition of pgp_algo_mapping
+
+Signed-off-by: Zhang Tianxing <zhangtianxing3@huawei.com>
+---
+ include/lib.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/lib.h b/include/lib.h
+index 604871b..27b71eb 100644
+--- a/include/lib.h
++++ b/include/lib.h
+@@ -44,7 +44,7 @@ enum pgp_hash_algo {
+ 	PGP_HASH__LAST
+ };
+ 
+-enum hash_algo pgp_algo_mapping[PGP_HASH__LAST];
++extern enum hash_algo pgp_algo_mapping[PGP_HASH__LAST];
+ 
+ int read_file_from_path(int dirfd, const char *path, void **buf, loff_t *size);
+ int read_write_file_from_path(int dirfd, const char *path, void **buf,
+-- 
+2.26.2
+