From 5d2554ed31fa6bc121d94efe533f9e4fea3900aa Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Oct 04 2018 12:40:52 +0000
Subject: Fix memory leak in util_internal_token_name()


Allocate memory using the talloc context instead of relying on
the caller to call free().

---

diff --git a/src/certread-n.c b/src/certread-n.c
index 1d9217c..d535030 100644
--- a/src/certread-n.c
+++ b/src/certread-n.c
@@ -191,7 +191,7 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 		_exit(CM_SUB_STATUS_ERROR_AUTH);
 	}
 	if (entry->cm_cert_token == NULL) {
-		entry->cm_cert_token = util_internal_token_name();
+		entry->cm_cert_token = talloc_strdup(entry, util_internal_token_name());
 	}
 	PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
 	for (sle = slotlist->head;
diff --git a/src/certsave-n.c b/src/certsave-n.c
index fcb4314..49b2832 100644
--- a/src/certsave-n.c
+++ b/src/certsave-n.c
@@ -215,7 +215,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 		}
 		PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
 		if (entry->cm_cert_token == NULL) {
-			entry->cm_cert_token = util_internal_token_name();
+			entry->cm_cert_token = talloc_strdup(entry, util_internal_token_name());
 		}
 		for (sle = slotlist->head;
 		     ((sle != NULL) && (sle->slot != NULL));
diff --git a/src/keygen-n.c b/src/keygen-n.c
index f7fdf6c..76a5c1d 100644
--- a/src/keygen-n.c
+++ b/src/keygen-n.c
@@ -273,7 +273,7 @@ cm_keygen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 		_exit(CM_SUB_STATUS_ERROR_NO_TOKEN);
 	}
 	if (entry->cm_cert_token == NULL) {
-		entry->cm_cert_token = util_internal_token_name();
+		entry->cm_cert_token = talloc_strdup(entry, util_internal_token_name());
 	}
 	/* Walk the list looking for the requested slot, or the first one if
 	 * none was requested. */
diff --git a/src/keyiread-n.c b/src/keyiread-n.c
index b8408bf..8f46ec0 100644
--- a/src/keyiread-n.c
+++ b/src/keyiread-n.c
@@ -153,7 +153,7 @@ cm_keyiread_n_get_keys(struct cm_store_entry *entry, int readwrite)
 	}
 	PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
 	if (entry->cm_key_token == NULL) {
-		entry->cm_key_token = util_internal_token_name();
+		entry->cm_key_token = talloc_strdup(entry, util_internal_token_name());
 	}
 	n_tokens = 0;
 	pubkey = NULL;
diff --git a/src/submit-n.c b/src/submit-n.c
index da07d25..ee6f310 100644
--- a/src/submit-n.c
+++ b/src/submit-n.c
@@ -347,7 +347,7 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
 		goto done;
 	}
 	if (args->entry->cm_key_token == NULL) {
-		args->entry->cm_key_token = util_internal_token_name();
+		args->entry->cm_key_token = talloc_strdup(args->entry, util_internal_token_name());
 	}
 	PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
 	n_tokens = 0;
diff --git a/src/util-n.c b/src/util-n.c
index 293e258..4ab3d47 100644
--- a/src/util-n.c
+++ b/src/util-n.c
@@ -291,5 +291,5 @@ util_set_db_entry_cert_owner(const char *dbdir, struct cm_store_entry *entry)
 char *
 util_internal_token_name()
 {
-	return strdup(PK11_GetTokenName(PK11_GetInternalKeySlot()));
+	return PK11_GetTokenName(PK11_GetInternalKeySlot());
 }