Accepting request 230417 from home:gary_lin:branches:Base:System

- fix the error handling of reading a hash file OBS-URL: https://build.opensuse.org/request/show/230417 OBS-URL: https://build.opensuse.org/package/show/Base:System/mokutil?expand=0&rev=24
2014-04-17 03:09:48 +00:00 · 2014-04-17 03:09:48 +00:00 · 8e711b23df
commit 8e711b23df
parent cc67a2e864
3 changed files with 76 additions and 0 deletions
--- a/mokutil-fix-hash-file-read.patch
+++ b/mokutil-fix-hash-file-read.patch
@ -0,0 +1,67 @@
+From 59fb1efb45cc59bfc7a30ade20ef9900c13ec711 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Fri, 11 Apr 2014 11:37:31 +0800
+Subject: [PATCH] Fix error handling of reading password hash file
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ src/mokutil.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index cdb5739..d9b657b 100644
+--- a/src/mokutil.c
+++ b/src/mokutil.c
+@@ -87,6 +87,7 @@ EFI_GUID (0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b,
+ #define DEFAULT_CRYPT_METHOD SHA512_BASED
+ #define DEFAULT_SALT_SIZE    SHA512_SALT_MAX
+ #define SETTINGS_LEN         (DEFAULT_SALT_SIZE*2)
+#define BUF_SIZE             300
+ 
+ static int use_simple_hash;
+ 
+@@ -779,7 +780,7 @@ generate_hash (pw_crypt_t *pw_crypt, char *password, int pw_len)
+ static int
+ get_hash_from_file (const char *file, pw_crypt_t *pw_crypt)
+ {
+-	char string[300];
+	char string[BUF_SIZE];
+ 	ssize_t read_len = 0;
+ 	int fd;
+ 
+@@ -789,22 +790,25 @@ get_hash_from_file (const char *file, pw_crypt_t *pw_crypt)
+ 		return -1;
+ 	}
+ 
+-	while (read_len < 300) {
+-		int rc = read (fd, string + read_len, 300 - read_len);
+-		if (rc == EAGAIN)
+-			continue;
+	bzero (string, BUF_SIZE);
+
+	while (read_len < BUF_SIZE) {
+		ssize_t rc = read (fd, string + read_len, BUF_SIZE - read_len);
+ 		if (rc < 0) {
+			if (errno == EINTR || errno == EAGAIN)
+				continue;
+
+ 			fprintf (stderr, "Failed to read %s: %m\n", file);
+ 			close (fd);
+ 			return -1;
+-		}
+-		if (rc == 0)
+		} else if (rc == 0) {
+ 			break;
+		}
+ 		read_len += rc;
+ 	}
+ 	close (fd);
+ 
+-	if (string[read_len-1] != '\0') {
+	if (string[read_len] != '\0') {
+ 		fprintf (stderr, "corrupted string\n");
+ 		return -1;
+ 	}
+-- 
+1.8.4.5
+
--- a/mokutil.changes
+++ b/mokutil.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Apr 16 04:11:50 UTC 2014 - glin@suse.com
+
+- Add mokutil-fix-hash-file-read.patch to fix the error handling of
+  reading a hash file
+
 -------------------------------------------------------------------
 Thu Apr 10 04:44:22 UTC 2014 - glin@suse.com

--- a/mokutil.spec
+++ b/mokutil.spec
@ -40,6 +40,8 @@ Patch6:         mokutil-check-secure-boot-support.patch
 Patch7:         mokutil-check-corrupted-key-list.patch
 # PATCH-FIX-UPSTREAM mokutil-no-invalid-x509.patch glin@suse.com -- Don't import an invalid x509 certificate
 Patch8:         mokutil-no-invalid-x509.patch
+# PATCH-FIX-UPSTREAM mokutil-fix-hash-file-read.patch glin@suse.com -- Fix the error handling of reading a hash file
+Patch9:         mokutil-fix-hash-file-read.patch
 # PATCH-FIX-OPENSUSE mokutil-support-revoke-builtin-cert.patch glin@suse.com -- Add an option to revoke the built-in certificate
 Patch100:       mokutil-support-revoke-builtin-cert.patch
 BuildRequires:  autoconf
@ -69,6 +71,7 @@ Authors:
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
 %patch100 -p1

 %build