automatic import of clevisopeneuler24.03_LTSopeneuler23.09

1 files changed, 56 insertions, 0 deletions

diff --git a/0001-Include-miscellaneous-sast-fixes-clevis-luks-udisk-2.patch b/0001-Include-miscellaneous-sast-fixes-clevis-luks-udisk-2.patch
new file mode 100644
index 0000000..263166d
--- /dev/null
+++ b/0001-Include-miscellaneous-sast-fixes-clevis-luks-udisk-2.patch
@@ -0,0 +1,56 @@
+--- clevis-20.old/src/luks/udisks2/clevis-luks-udisks2.c	2024-03-08 09:35:37.000000000 +0100
++++ clevis-20/src/luks/udisks2/clevis-luks-udisks2.c	2024-05-21 10:04:15.301469592 +0200
+@@ -264,8 +264,10 @@
+ 
+ error:
+     g_list_free_full(ctx.lst, g_free);
+-    g_main_loop_unref(ctx.loop);
+-    g_object_unref(ctx.clt);
++    if (ctx.loop) 
++        g_main_loop_unref(ctx.loop);
++    if (ctx.clt) 
++        g_object_unref(ctx.clt);
+     close(sock);
+     return exit_status;
+ }
+@@ -299,12 +301,12 @@
+     safeclose(&pair[0]);
+ }
+ 
+-static ssize_t
+-recover_key(const pkt_t *jwe, char *out, size_t max, uid_t uid, gid_t gid)
++static uint32_t
++recover_key(const pkt_t *jwe, char *out, int32_t max, uid_t uid, gid_t gid)
+ {
+     int push[2] = { -1, -1 };
+     int pull[2] = { -1, -1 };
+-    ssize_t bytes = 0;
++    int32_t bytes = 0;
+     pid_t chld = 0;
+ 
+     if (pipe(push) != 0)
+@@ -379,12 +381,18 @@
+     }
+ 
+     bytes = 0;
+-    for (ssize_t block = 1; block > 0; bytes += block) {
+-        block = read(pull[PIPE_RD], &out[bytes], max - bytes);
+-        if (block < 0) {
+-            kill(chld, SIGTERM);
+-            goto error;
+-        }
++    ssize_t block = 0;
++    while (max > 0 && max > bytes) {
++       do {
++           block = read(pull[PIPE_RD], &out[bytes], max - bytes);
++       } while (block < 0 && errno == EINTR);
++       if (block < 0 || block < INT32_MIN || block > INT32_MAX) {
++           kill(chld, SIGTERM);
++           goto error;
++       }
++       if (block == 0)
++           break;
++       bytes += block;
+     }
+ 
+     safeclose(&pull[PIPE_RD]);