[pkg-opensc-maint] Bug#802118: libengine-pkcs11-openssl: Functions to set static global data may cause memory leak.

persmule persmule at gmail.com
Sat Oct 17 16:04:55 UTC 2015


Package: libengine-pkcs11-openssl
Version: 0.1.8-5
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

Functions in src/engine_pkcs11.c that set static global data (set_module,
set_pin, get_pin and set_init_args) do not free the memory pointed to by the
corresponding pointers before assigning newly allocated memory to them, which
may cause memory leaks if they are called more than once.

The bugs related to set_module, set_pin and get_pin are fixed upstream, but
the one in set_init_args is not.



-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'testing-proposed-updates'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libengine-pkcs11-openssl depends on:
ii  libc6        2.19-22
ii  libp11-2     0.2.8-6
ii  libssl1.0.0  1.0.2d-1

libengine-pkcs11-openssl recommends no packages.

libengine-pkcs11-openssl suggests no packages.

-- no debconf information
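
The leak pattern this report describes, shown beside a corrected setter, as an added C example that is not part of the original message and not the package's source. The names `set_init_args_leaky`, `set_init_args_fixed`, `tracked_strdup`, `tracked_free` and `live_after` are hypothetical, and the allocation counter exists only to make the leak observable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the engine's static global data (assumption). */
static char *init_args = NULL;
static int live_blocks = 0;              /* allocations not yet freed */

static char *tracked_strdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL) { memcpy(p, s, n); live_blocks++; }
    return p;
}

static void tracked_free(char *p)
{
    if (p != NULL) { live_blocks--; free(p); }
}

/* Pattern from the report: the old pointer is overwritten, never freed. */
int set_init_args_leaky(const char *args)
{
    init_args = tracked_strdup(args);
    return init_args != NULL;
}

/* Corrected pattern: copy first, then release the previous value.
 * Copying before freeing keeps the old value on allocation failure and
 * stays safe if the caller passes the current global back in. */
int set_init_args_fixed(const char *args)
{
    char *copy = tracked_strdup(args);
    if (copy == NULL) return 0;
    tracked_free(init_args);
    init_args = copy;
    return 1;
}

/* Call a setter `calls` times from a clean state; return live allocations. */
int live_after(int (*setter)(const char *), int calls)
{
    tracked_free(init_args);
    init_args = NULL;
    live_blocks = 0;                     /* blocks already leaked are unreachable */
    for (int i = 0; i < calls; i++)
        setter("constructed-init-args");
    return live_blocks;
}

int main(void)
{
    printf("leaky: %d live blocks\n", live_after(set_init_args_leaky, 5));
    printf("fixed: %d live blocks\n", live_after(set_init_args_fixed, 5));
    return 0;
}
```
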
