$OpenBSD: patch-src_pkcs11_framework-pkcs15_c,v 1.1 2017/09/11 09:27:38 dcoppa Exp $

Fix memory leaks, null pointer dereferences, dead assignments
(upstream git commit e2fe24d56ac4a90bf140c670ebea02dee6a599d6)

Index: src/pkcs11/framework-pkcs15.c
--- src/pkcs11/framework-pkcs15.c.orig
+++ src/pkcs11/framework-pkcs15.c
@@ -718,7 +718,7 @@ __pkcs15_create_pubkey_object(struct pkcs15_fw_data *f
 	} else if (!(pubkey->emulated && (fw_data->p15_card->flags & SC_PKCS15_CARD_FLAG_EMULATED))) {
 		sc_pkcs15_free_pubkey(p15_key);
 	}
-	if (object->pub_data) {
+	if (object && object->pub_data) {
 		if ((object->pub_data->alg_id)&&(object->pub_data->algorithm == SC_ALGORITHM_GOSTR3410))
 			object->pub_data->alg_id->params = &((object->pub_data->u).gostr3410.params);
 	}
@@ -734,7 +734,7 @@ static int
 __pkcs15_create_prkey_object(struct pkcs15_fw_data *fw_data,
 	struct sc_pkcs15_object *prkey, struct pkcs15_any_object **prkey_object)
 {
-	struct pkcs15_prkey_object *object;
+	struct pkcs15_prkey_object *object = NULL;
 	int rv;
 
 	rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object,
@@ -1821,7 +1821,7 @@ pkcs15_initialize(struct sc_pkcs11_slot *slot, void *p
 
 		if (p15card)   {
 			sc_log(context, "pkcs15init erase card");
-			rc = sc_pkcs15init_erase_card(p15card, profile, NULL);
+			sc_pkcs15init_erase_card(p15card, profile, NULL);
 
 			sc_log(context, "pkcs15init unbind");
 			sc_pkcs15init_unbind(profile);
@@ -2266,7 +2266,7 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, 
 	    skey_info->data.value = args.key.data;
 	    skey_info->data.len = args.key.data_len;
 	    skey_info->value_len = args.value_len; /* callers prefered length */
-
+	    args.key.data = NULL;
 	}
 	else {
 #if 1
@@ -2290,6 +2290,7 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, 
 	rv = CKR_OK;
 
 out:
+	free(args.key.data); /* if allocated */
 	free(key_obj);
 	return rv;
 }
@@ -2335,7 +2336,6 @@ pkcs15_create_public_key(struct sc_pkcs11_slot *slot, 
 			return CKR_ATTRIBUTE_VALUE_INVALID;
 	}
 
-	rv = CKR_OK;
 	while (ulCount--) {
 		CK_ATTRIBUTE_PTR attr = pTemplate++;
 		sc_pkcs15_bignum_t *bn = NULL;
@@ -2429,7 +2429,6 @@ pkcs15_create_certificate(struct sc_pkcs11_slot *slot,
 	if (cert_type != CKC_X_509)
 		return CKR_ATTRIBUTE_VALUE_INVALID;
 
-	rv = CKR_OK;
 	while (ulCount--) {
 		CK_ATTRIBUTE_PTR attr = pTemplate++;
 
@@ -2438,7 +2437,7 @@ pkcs15_create_certificate(struct sc_pkcs11_slot *slot,
 		case CKA_CLASS:
 			break;
 		case CKA_PRIVATE:
-			rv = attr_extract(attr, &bValue, NULL);
+			attr_extract(attr, &bValue, NULL);
 			if (bValue) {
 				rv = CKR_TEMPLATE_INCONSISTENT;
 				goto out;
@@ -2505,7 +2504,6 @@ pkcs15_create_data(struct sc_pkcs11_slot *slot, struct
 	if (!fw_data)
 		return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject");
 
-	rv = CKR_OK;
 	while (ulCount--) {
 		CK_ATTRIBUTE_PTR attr = pTemplate++;
 
@@ -2514,7 +2512,7 @@ pkcs15_create_data(struct sc_pkcs11_slot *slot, struct
 		case CKA_CLASS:
 			break;
 		case CKA_PRIVATE:
-			rv = attr_extract(attr, &bValue, NULL);
+			attr_extract(attr, &bValue, NULL);
 			if (bValue) {
 				pin = slot_data_auth_info(slot->fw_data);
 				if (pin == NULL) {
