pool/mokutil
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 222103 from home:gary_lin:branches:Base:System

Browse Source 
- update the list size after merging or deleting a hash
- clean the request if all keys are removed

OBS-URL: https://build.opensuse.org/request/show/222103
OBS-URL: https://build.opensuse.org/package/show/Base:System/mokutil?expand=0&rev=16
This commit is contained in:
Gary Ching-Pang Lin 2014-02-13 01:56:54 +00:00 committed by Git OBS Bridge
parent 3f236fd3e4
commit 9e957ec20e
4 changed files with 128 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
mokutil-clean-request.patch Normal file
View File

@ -0,0 +1,42 @@
From a8165e89893bbaf8245fda6a59bcfe562bee4854 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 12 Feb 2014 15:57:51 +0800
Subject: [PATCH] Clean the request when all keys are removed
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/mokutil.c b/src/mokutil.c
index 935cb94..1c32313 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -513,6 +513,24 @@ delete_data_from_list (efi_guid_t type, void *data, uint32_t data_size,
if (start == NULL)
return 0;
+ /* all keys are removed */
+ if (total == 0) {
+ test_and_delete_var (var_name);
+
+ /* delete the password */
+ if (strcmp (var_name, "MokNew") == 0)
+ test_and_delete_var ("MokAuth");
+ else if (strcmp (var_name, "MokXNew") == 0)
+ test_and_delete_var ("MokXAuth");
+ else if (strcmp (var_name, "MokDel") == 0)
+ test_and_delete_var ("MokDelAuth");
+ else if (strcmp (var_name, "MokXDel") == 0)
+ test_and_delete_var ("MokXDelAuth");
+
+ ret = 1;
+ goto done;
+ }
+
/* remove the key or hash */
if (remain > 0)
memmove (start, end, remain);
--
1.8.4.5

72
mokutil-fix-hash-list-size.patch Normal file
View File

@ -0,0 +1,72 @@
From bf19feea5cbc44e6c50d14814d00c902073d8d92 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 12 Feb 2014 11:38:24 +0800
Subject: [PATCH 1/2] Fix the signature list size calculation
While merging the hashes into the previous request, the list size
mistakenly included the signature list header, and this made the
request invalid.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index dbec25b..b706c80 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1374,6 +1374,9 @@ issue_hash_request (const char *hash_str, MokRequest req,
old_req.VariableName = req_name;
old_req.VendorGuid = SHIM_LOCK_GUID;
+
+ list_size = sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t) + hash_size;
+
if (read_variable (&old_req) == EFI_SUCCESS) {
int i;
list_size += old_req.DataSize;
@@ -1388,13 +1391,12 @@ issue_hash_request (const char *hash_str, MokRequest req,
if (efi_guidcmp (mok_list[i].header->SignatureType,
hash_type) == 0) {
merge_ind = i;
+ list_size -= sizeof(EFI_SIGNATURE_LIST);
break;
}
}
}
- list_size += sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t) + hash_size;
-
new_list = malloc (list_size);
if (!new_list) {
fprintf (stderr, "Failed to allocate space for %s\n", req_name);
--
1.8.4.5
From 0c8e542eaaa1f3f8be2198806a5bc370813b4d81 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 12 Feb 2014 15:24:23 +0800
Subject: [PATCH 2/2] Update the list size after deleting a hash
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/mokutil.c b/src/mokutil.c
index b706c80..935cb94 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -501,6 +501,7 @@ delete_data_from_list (efi_guid_t type, void *data, uint32_t data_size,
start += sizeof(EFI_SIGNATURE_LIST) + sig_size * del_ind;
end = start + sig_size;
total -= sig_size;
+ list[i].header->SignatureListSize -= sig_size;
remain += sig_list_size - sizeof(EFI_SIGNATURE_LIST) -
(del_ind + 1) * sig_size;
}
--
1.8.4.5

8
mokutil.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Wed Feb 12 10:06:31 UTC 2014 - glin@suse.com
- Add mokutil-fix-hash-list-size.patch to update the list size
after merging or deleting a hash
- Add mokutil-clean-request.patch to clean the request if all keys
are removed
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 22 05:55:45 UTC 2014 - glin@suse.com Wed Jan 22 05:55:45 UTC 2014 - glin@suse.com

6
mokutil.spec
View File

@ -28,6 +28,10 @@ Source: %{name}-%{version}.tar.bz2
Patch1: mokutil-upstream-fixes.patch Patch1: mokutil-upstream-fixes.patch
# PATCH-FIX-UPSTREAM mokutil-mokx-support.patch glin@suse.com -- Support the MOK blacklist # PATCH-FIX-UPSTREAM mokutil-mokx-support.patch glin@suse.com -- Support the MOK blacklist
Patch2: mokutil-mokx-support.patch Patch2: mokutil-mokx-support.patch
# PATCH-FIX-UPSTREAM mokutil-fix-hash-list-size.patch glin@suse.com -- Update the list size after merging or deleting a hash
Patch3: mokutil-fix-hash-list-size.patch
# PATCH-FIX-UPSTREAM mokutil-clean-request.patch glin@suse.com -- Clear the request if all keys are removed
Patch4: mokutil-clean-request.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: libopenssl-devel >= 0.9.8 BuildRequires: libopenssl-devel >= 0.9.8
@ -49,6 +53,8 @@ Authors:
%setup -q %setup -q
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
%patch4 -p1
%build %build
%configure %configure