From ef4edb74ba5dfb1830a3a21b0c895553e9d4eedc Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Fri, 1 May 2015 12:50:19 +0200
Subject: [PATCH] fixed invalid free

We duplicate mechanisms based on OpenSSL so that they can be freed along
all the card's algorithms created via sc_pkcs11_new_fw_mechanism. Fixes
regression from eaf548aa3dab80a9bbf51da8291e7db978e3a2ad
---
 src/pkcs11/mechanism.c |  1 +
 src/pkcs11/openssl.c   | 22 +++++++++++++++-------
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/pkcs11/mechanism.c b/src/pkcs11/mechanism.c
index 720bce6f..77c1c63b 100644
--- a/src/pkcs11/mechanism.c
+++ b/src/pkcs11/mechanism.c
@@ -934,6 +934,7 @@ sc_pkcs11_derive(sc_pkcs11_operation_t *operation,
 		    pmechParam, ulmechParamLen,
 		    pData, pulDataLen);
 }
+
 /*
  * Create new mechanism type for a mechanism supported by
  * the card
diff --git a/src/pkcs11/openssl.c b/src/pkcs11/openssl.c
index 5120611e..8f812fd2 100644
--- a/src/pkcs11/openssl.c
+++ b/src/pkcs11/openssl.c
@@ -158,6 +158,14 @@ static sc_pkcs11_mechanism_type_t openssl_ripemd160_mech = {
 	NULL,			/* free_mech_data */
 };
 
+static void * dup_mem(void *in, size_t in_len)
+{
+	void *out = malloc(in_len);
+	if (out)
+		memcpy(out, in, in_len);
+	return out;
+}
+
 void
 sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card)
 {
@@ -199,22 +207,22 @@ sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card)
 #endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) */
 
 	openssl_sha1_mech.mech_data = EVP_sha1();
-	sc_pkcs11_register_mechanism(card, &openssl_sha1_mech);
+	sc_pkcs11_register_mechanism(card, dup_mem(&openssl_sha1_mech, sizeof openssl_sha1_mech));
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
 	openssl_sha256_mech.mech_data = EVP_sha256();
-	sc_pkcs11_register_mechanism(card, &openssl_sha256_mech);
+	sc_pkcs11_register_mechanism(card, dup_mem(&openssl_sha256_mech, sizeof openssl_sha256_mech));
 	openssl_sha384_mech.mech_data = EVP_sha384();
-	sc_pkcs11_register_mechanism(card, &openssl_sha384_mech);
+	sc_pkcs11_register_mechanism(card, dup_mem(&openssl_sha384_mech, sizeof openssl_sha384_mech));
 	openssl_sha512_mech.mech_data = EVP_sha512();
-	sc_pkcs11_register_mechanism(card, &openssl_sha512_mech);
+	sc_pkcs11_register_mechanism(card, dup_mem(&openssl_sha512_mech, sizeof openssl_sha512_mech));
 #endif
 	openssl_md5_mech.mech_data = EVP_md5();
-	sc_pkcs11_register_mechanism(card, &openssl_md5_mech);
+	sc_pkcs11_register_mechanism(card, dup_mem(&openssl_md5_mech, sizeof openssl_md5_mech));
 	openssl_ripemd160_mech.mech_data = EVP_ripemd160();
-	sc_pkcs11_register_mechanism(card, &openssl_ripemd160_mech);
+	sc_pkcs11_register_mechanism(card, dup_mem(&openssl_ripemd160_mech, sizeof openssl_ripemd160_mech));
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
 	openssl_gostr3411_mech.mech_data = EVP_get_digestbynid(NID_id_GostR3411_94);
-	sc_pkcs11_register_mechanism(card, &openssl_gostr3411_mech);
+	sc_pkcs11_register_mechanism(card, dup_mem(&openssl_gostr3411_mech, sizeof openssl_gostr3411_mech));
 #endif
 }