-
Bug
-
Resolution: Done-Errata
-
Major
-
rhel-8.0.0, CentOS Stream 8, CentOS Stream 9, rhel-9.0.0
-
None
-
xmlsec1-1.2.25-5.el8_10
-
None
-
None
-
rhel-sst-idm-sssd
-
ssg_idm
-
3
-
QE ack, Dev ack
-
False
-
-
None
-
None
-
Pass
-
RegressionOnly
-
None
Fix followin findings from SAST
1.
"Error: RESOURCE_LEAK (CWE-772): xmlsec1-1.2.29/src/c14n.c:225: alloc_fn: Storage is returned from allocation function ""xmlSecBufferCreateOutputBuffer"". xmlsec1-1.2.29/src/c14n.c:225: var_assign: Assigning: ""buf"" = storage returned from ""xmlSecBufferCreateOutputBuffer(&transform->outBuf)"". xmlsec1-1.2.29/src/c14n.c:236: leaked_storage: Variable ""buf"" going out of scope leaks the storage it points to. # 234| * all pointers in the big array */ # 235| nsList = xmlSecTransfor mC14NGetNsList(transform); # 236|-> xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1); # 237| # 238| ret = xmlSecTransformC14NExecute(transform->id, nodes, (xmlChar**)(nsList->data), buf);"
2.
"Error: RESOURCE_LEAK (CWE-772): xmlsec1-1.2.29/src/parser.c:389: alloc_fn: Storage is returned from allocation function ""xmlParserGetDirectory"". xmlsec1-1.2.29/src/parser.c:389: var_assign: Assigning: ""directory"" = storage returned from ""xmlParserGetDirectory(filename)"". xmlsec1-1.2.29/src/parser.c:398: noescape: Resource ""(xmlChar *)directory"" is not freed or pointed-to in ""xmlStrdup"". xmlsec1-1.2.29/src/parser.c:420: leaked_storage: Variable ""directory"" going out of scope leaks the storage it points to. # 418| } # 419| xmlFreeParserCtxt(ctxt); # 420|-> return(NULL); # 421| } # 422| "
3.
"Error: RESOURCE_LEAK (CWE-772): xmlsec1-1.2.29/src/gcrypt/asymkeys.c:288: alloc_arg: ""gcry_pk_genkey"" allocates memory that is stored into ""key_pair"". xmlsec1-1.2.29/src/gcrypt/asymkeys.c:294: noescape: Resource ""key_pair"" is not freed or pointed-to in ""xmlSecGCryptAsymKeyDataAdoptKey"". xmlsec1-1.2.29/src/gcrypt/asymkeys.c:299: overwrite_var: Overwriting ""key_pair"" in ""key_pair = NULL"" leaks the storage that ""key_pair"" points to. # 297| goto done; # 298| } # 299|-> key_pair = NULL; /* now owned by data */ # 300| # 301| /* success */"
4.
"Error: RESOURCE_LEAK (CWE-772): xmlsec1-1.2.29/src/parser.c:389: alloc_fn: Storage is returned from allocation function ""xmlParserGetDirectory"". xmlsec1-1.2.29/src/parser.c:389: var_assign: Assigning: ""directory"" = storage returned from ""xmlParserGetDirectory(filename)"". xmlsec1-1.2.29/src/parser.c:398: noescape: Resource ""(xmlChar *)directory"" is not freed or pointed-to in ""xmlStrdup"". xmlsec1-1.2.29/src/parser.c:400: noescape: Resource ""(xmlChar *)directory"" is not freed or pointed-to in ""xmlStrlen"". xmlsec1-1.2.29/src/parser.c:402: leaked_storage: Variable ""directory"" going out of scope leaks the storage it points to. # 400| xmlSecStrdupError(BAD_CAST directory, NULL); # 401| xmlFreeParserCtxt(ctxt); # 402|-> return(NULL); # 403| } # 404| }"
5.
"Error: RESOURCE_LEAK (CWE-772): xmlsec1-1.2.29/src/parser.c:389: alloc_fn: Storage is returned from allocation function ""xmlParserGetDirectory"". xmlsec1-1.2.29/src/parser.c:389: var_assign: Assigning: ""directory"" = storage returned from ""xmlParserGetDirectory(filename)"". xmlsec1-1.2.29/src/parser.c:398: noescape: Resource ""(xmlChar *)directory"" is not freed or pointed-to in ""xmlStrdup"". xmlsec1-1.2.29/src/parser.c:430: leaked_storage: Variable ""directory"" going out of scope leaks the storage it points to. # 428| } # 429| xmlFreeParserCtxt(ctxt); # 430|-> return(NULL); # 431| } # 432| "
6.
"Error: RESOURCE_LEAK (CWE-772): xmlsec1-1.2.29/src/parser.c:389: alloc_fn: Storage is returned from allocation function ""xmlParserGetDirectory"". xmlsec1-1.2.29/src/parser.c:389: var_assign: Assigning: ""directory"" = storage returned from ""xmlParserGetDirectory(filename)"". xmlsec1-1.2.29/src/parser.c:398: noescape: Resource ""(xmlChar *)directory"" is not freed or pointed-to in ""xmlStrdup"". xmlsec1-1.2.29/src/parser.c:437: leaked_storage: Variable ""directory"" going out of scope leaks the storage it points to. # 435| ctxt->myDoc = NULL; # 436| xmlFreeParserCtxt(ctxt); # 437|-> return(res); # 438| # 439| }"
7.
"Error: RESOURCE_LEAK (CWE-772): xmlsec1-1.2.29/src/c14n.c:290: alloc_fn: Storage is returned from allocation function ""xmlSecBufferCreateOutputBuffer"". xmlsec1-1.2.29/src/c14n.c:290: var_assign: Assigning: ""buf"" = storage returned from ""xmlSecBufferCreateOutputBuffer(out)"". xmlsec1-1.2.29/src/c14n.c:300: leaked_storage: Variable ""buf"" going out of scope leaks the storage it points to. # 298| * all pointers in the big array */ # 299| nsList = xmlSecTransformC14NGetNsList(transform); # 300|-> xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1); # 301| # 302| ret = xmlSecTransformC14NExecute(transform->id, transform->inNodes, (xmlChar**)(nsList->data), buf);"
- clones
-
RHEL-35381 xmlsec1: Fix findings from static application security testing (SAST)
- Closed
- links to
-
RHBA-2024:137445 xmlsec1 update