Accepting request 259594 from home:gary_lin:branches:Base:System

Update to 0.3.0

OBS-URL: https://build.opensuse.org/request/show/259594
OBS-URL: https://build.opensuse.org/package/show/Base:System/mokutil?expand=0&rev=26
Gary Ching-Pang Lin 2014-11-04 08:19:57 +00:00 committed by Git OBS Bridge
parent 8e711b23df
commit b8d7e35874
15 changed files with 165 additions and 4314 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:03cf595bd1b4d4a17dc1814b0529b25505d57429d583e7f9489ef0a2354b320e
size 102028

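--- a/mokutil-0.3.0.tar.bz2
+++ b/mokutil-0.3.0.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1955888d275ece95ef88919ea6c9ae5153ddff9a64a7aac371d874d626be3bb0
+size 105228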


@ -1,32 +0,0 @@
From e2e549583543bb0d607670b25af75821f55d5538 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 10 Apr 2014 12:36:29 +0800
Subject: [PATCH] Check corrupted key list
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/mokutil.c b/src/mokutil.c
index eb563ca..6792823 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -237,6 +237,14 @@ build_mok_list (void *data, unsigned long data_size, uint32_t *mok_num)
unsigned long count = 0;
while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
+ if (CertList->SignatureListSize == 0 ||
+ CertList->SignatureListSize <= CertList->SignatureSize) {
+ fprintf (stderr, "Corrupted signature list\n");
+ if (list)
+ free (list);
+ return NULL;
+ }
+
if ((efi_guidcmp (CertList->SignatureType, EfiCertX509Guid) != 0) &&
(efi_guidcmp (CertList->SignatureType, EfiHashSha1Guid) != 0) &&
(efi_guidcmp (CertList->SignatureType, EfiHashSha224Guid) != 0) &&
--
1.8.4.5


@ -1,49 +0,0 @@
From e8899f1f26a77dfd870388156381489d53e5548c Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Mon, 24 Mar 2014 15:20:27 +0800
Subject: [PATCH] Check whether the system supports Secure Boot or not
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/mokutil.c b/src/mokutil.c
index cd039f0..149df2b 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -2211,6 +2211,23 @@ main (int argc, char *argv[])
if (hash_file && use_root_pw)
command |= HELP;
+ if (!(command & HELP)) {
+ /* Check whether the machine supports Secure Boot or not */
+ efi_variable_t var;
+ efi_status_t status;
+
+ memset (&var, 0, sizeof(var));
+ var.VariableName = "SecureBoot";
+ var.VendorGuid = EFI_GLOBAL_VARIABLE;
+ status = read_variable (&var);
+ if (status != EFI_SUCCESS) {
+ fprintf (stderr, "This system doesn't support Secure Boot\n");
+ ret = -1;
+ goto out;
+ }
+ free (var.Data);
+ }
+
switch (command) {
case LIST_ENROLLED:
case LIST_ENROLLED | MOKX:
@@ -2331,6 +2348,7 @@ main (int argc, char *argv[])
break;
}
+out:
if (files) {
for (i = 0; i < total; i++)
free (files[i]);
--
1.8.4.5


@ -1,42 +0,0 @@
From a8165e89893bbaf8245fda6a59bcfe562bee4854 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 12 Feb 2014 15:57:51 +0800
Subject: [PATCH] Clean the request when all keys are removed
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/mokutil.c b/src/mokutil.c
index 935cb94..1c32313 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -513,6 +513,24 @@ delete_data_from_list (efi_guid_t type, void *data, uint32_t data_size,
if (start == NULL)
return 0;
+ /* all keys are removed */
+ if (total == 0) {
+ test_and_delete_var (var_name);
+
+ /* delete the password */
+ if (strcmp (var_name, "MokNew") == 0)
+ test_and_delete_var ("MokAuth");
+ else if (strcmp (var_name, "MokXNew") == 0)
+ test_and_delete_var ("MokXAuth");
+ else if (strcmp (var_name, "MokDel") == 0)
+ test_and_delete_var ("MokDelAuth");
+ else if (strcmp (var_name, "MokXDel") == 0)
+ test_and_delete_var ("MokXDelAuth");
+
+ ret = 1;
+ goto done;
+ }
+
/* remove the key or hash */
if (remain > 0)
memmove (start, end, remain);
--
1.8.4.5


@ -1,67 +0,0 @@
From 59fb1efb45cc59bfc7a30ade20ef9900c13ec711 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Fri, 11 Apr 2014 11:37:31 +0800
Subject: [PATCH] Fix error handling of reading password hash file
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index cdb5739..d9b657b 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -87,6 +87,7 @@ EFI_GUID (0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b,
#define DEFAULT_CRYPT_METHOD SHA512_BASED
#define DEFAULT_SALT_SIZE SHA512_SALT_MAX
#define SETTINGS_LEN (DEFAULT_SALT_SIZE*2)
+#define BUF_SIZE 300
static int use_simple_hash;
@@ -779,7 +780,7 @@ generate_hash (pw_crypt_t *pw_crypt, char *password, int pw_len)
static int
get_hash_from_file (const char *file, pw_crypt_t *pw_crypt)
{
- char string[300];
+ char string[BUF_SIZE];
ssize_t read_len = 0;
int fd;
@@ -789,22 +790,25 @@ get_hash_from_file (const char *file, pw_crypt_t *pw_crypt)
return -1;
}
- while (read_len < 300) {
- int rc = read (fd, string + read_len, 300 - read_len);
- if (rc == EAGAIN)
- continue;
+ bzero (string, BUF_SIZE);
+
+ while (read_len < BUF_SIZE) {
+ ssize_t rc = read (fd, string + read_len, BUF_SIZE - read_len);
if (rc < 0) {
+ if (errno == EINTR || errno == EAGAIN)
+ continue;
+
fprintf (stderr, "Failed to read %s: %m\n", file);
close (fd);
return -1;
- }
- if (rc == 0)
+ } else if (rc == 0) {
break;
+ }
read_len += rc;
}
close (fd);
- if (string[read_len-1] != '\0') {
+ if (string[read_len] != '\0') {
fprintf (stderr, "corrupted string\n");
return -1;
}
--
1.8.4.5


@ -1,72 +0,0 @@
From bf19feea5cbc44e6c50d14814d00c902073d8d92 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 12 Feb 2014 11:38:24 +0800
Subject: [PATCH 1/2] Fix the signature list size calculation
While merging the hashes into the previous request, the list size
mistakenly included the signature list header, and this made the
request invalid.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index dbec25b..b706c80 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1374,6 +1374,9 @@ issue_hash_request (const char *hash_str, MokRequest req,
old_req.VariableName = req_name;
old_req.VendorGuid = SHIM_LOCK_GUID;
+
+ list_size = sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t) + hash_size;
+
if (read_variable (&old_req) == EFI_SUCCESS) {
int i;
list_size += old_req.DataSize;
@@ -1388,13 +1391,12 @@ issue_hash_request (const char *hash_str, MokRequest req,
if (efi_guidcmp (mok_list[i].header->SignatureType,
hash_type) == 0) {
merge_ind = i;
+ list_size -= sizeof(EFI_SIGNATURE_LIST);
break;
}
}
}
- list_size += sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t) + hash_size;
-
new_list = malloc (list_size);
if (!new_list) {
fprintf (stderr, "Failed to allocate space for %s\n", req_name);
--
1.8.4.5
From 0c8e542eaaa1f3f8be2198806a5bc370813b4d81 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 12 Feb 2014 15:24:23 +0800
Subject: [PATCH 2/2] Update the list size after deleting a hash
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/mokutil.c b/src/mokutil.c
index b706c80..935cb94 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -501,6 +501,7 @@ delete_data_from_list (efi_guid_t type, void *data, uint32_t data_size,
start += sizeof(EFI_SIGNATURE_LIST) + sig_size * del_ind;
end = start + sig_size;
total -= sig_size;
+ list[i].header->SignatureListSize -= sig_size;
remain += sig_list_size - sizeof(EFI_SIGNATURE_LIST) -
(del_ind + 1) * sig_size;
}
--
1.8.4.5


@ -0,0 +1,36 @@
From 1313fa02a5b2bfe61ee6702696600fc148ec2d6e Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 4 Nov 2014 15:50:03 +0800
Subject: [PATCH] Fix the potential buffer overflow
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 5b34f22..93fb6fa 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1743,7 +1743,7 @@ set_toggle (const char * VarName, uint32_t state)
MokToggleVar tvar;
char *password = NULL;
unsigned int pw_len;
- efi_char16_t efichar_pass[SB_PASSWORD_MAX];
+ efi_char16_t efichar_pass[SB_PASSWORD_MAX+1];
int ret = -1;
printf ("password length: %d~%d\n", SB_PASSWORD_MIN, SB_PASSWORD_MAX);
@@ -1757,8 +1757,7 @@ set_toggle (const char * VarName, uint32_t state)
efichar_from_char (efichar_pass, password,
SB_PASSWORD_MAX * sizeof(efi_char16_t));
- memcpy(tvar.password, efichar_pass,
- SB_PASSWORD_MAX * sizeof(efi_char16_t));
+ memcpy(tvar.password, efichar_pass, sizeof(tvar.password));
tvar.mok_toggle_state = state;
--
1.8.4.5
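Review bot: In `set_toggle`, `efichar_pass` is declared without an initializer, and the new `memcpy(tvar.password, efichar_pass, sizeof(tvar.password))` always copies the whole array. For a password shorter than SB_PASSWORD_MAX, any elements that `efichar_from_char` leaves unwritten would be uninitialized stack bytes stored into the toggle variable. Whether the helper zero-fills the remainder is not visible in this patch, so it is worth confirming; declaring the buffer as `efi_char16_t efichar_pass[SB_PASSWORD_MAX+1] = {0};` removes the dependency either way. The conversion call still passes `SB_PASSWORD_MAX * sizeof(efi_char16_t)` as its limit, so a one-line comment such as `/* +1: room for the terminator efichar_from_char appends */` would explain the new size, if that is indeed the reason. The body of set_toggle starts and ends outside these hunks.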



@ -1,164 +0,0 @@
From 98fe9bfda3bcf6c532d57e07e6ba25c350e7b7a1 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 13 Feb 2014 14:32:18 +0800
Subject: [PATCH 1/3] Be more verbose while skipping a key
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 1c32313..3655b92 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1228,7 +1228,8 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
printf ("Removed %s from %s\n", files[i], reverse_req);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
} else {
- printf ("Skip %s\n", files[i]);
+ printf ("%s is already enrolled or in %s request\n", files[i],
+ import?"an enrollment":"a deletion");
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
}
--
1.8.4.5
From 2e5560600b213e35e59d4a7923c01f8b9c095323 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Mon, 24 Mar 2014 14:48:53 +0800
Subject: [PATCH 2/3] Show more details when skipping a key
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 26 ++++++++++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 3655b92..cd039f0 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1111,6 +1111,29 @@ in_pending_request (efi_guid_t type, void *data, uint32_t data_size,
return 0;
}
+static void
+print_skip_message (const char *filename, void *mok, uint32_t mok_size,
+ uint8_t import)
+{
+ if (import) {
+ if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+ printf ("SKIP: %s is already in PK\n", filename);
+ else if (is_duplicate (mok, mok_size, "KEK", EFI_GLOBAL_VARIABLE))
+ printf ("SKIP: %s is already in KEK\n", filename);
+ else if (is_duplicate (mok, mok_size, "db", EFI_IMAGE_SECURITY_DATABASE_GUID))
+ printf ("SKIP: %s is already in db\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already enrolled\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already in the enrollement request\n", filename);
+ } else {
+ if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is not in MokList\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already in the deletion request\n", filename);
+ }
+}
+
static int
issue_mok_request (char **files, uint32_t total, MokRequest req,
const char *hash_file, const int root_pw)
@@ -1228,8 +1251,7 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
printf ("Removed %s from %s\n", files[i], reverse_req);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
} else {
- printf ("%s is already enrolled or in %s request\n", files[i],
- import?"an enrollment":"a deletion");
+ print_skip_message (files[i], ptr, sizes[i], import);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
}
--
1.8.4.5
From 19df75d89e636293c93686e1edd8529f4b68170e Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Mon, 24 Mar 2014 16:27:06 +0800
Subject: [PATCH 3/3] Merge MokX for print_skip_message()
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 39 ++++++++++++++++++++++++++++-----------
1 file changed, 28 insertions(+), 11 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index cd039f0..492dffc 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1113,24 +1113,41 @@ in_pending_request (efi_guid_t type, void *data, uint32_t data_size,
static void
print_skip_message (const char *filename, void *mok, uint32_t mok_size,
- uint8_t import)
+ MokRequest req)
{
- if (import) {
- if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+ efi_guid_t type = EfiCertX509Guid;
+
+ switch (req) {
+ case ENROLL_MOK:
+ if (is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE, "PK"))
printf ("SKIP: %s is already in PK\n", filename);
- else if (is_duplicate (mok, mok_size, "KEK", EFI_GLOBAL_VARIABLE))
+ else if (is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE, "KEK"))
printf ("SKIP: %s is already in KEK\n", filename);
- else if (is_duplicate (mok, mok_size, "db", EFI_IMAGE_SECURITY_DATABASE_GUID))
+ else if (is_duplicate (type, mok, mok_size, EFI_IMAGE_SECURITY_DATABASE_GUID, "db"))
printf ("SKIP: %s is already in db\n", filename);
- else if (is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListRT"))
printf ("SKIP: %s is already enrolled\n", filename);
- else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokNew"))
printf ("SKIP: %s is already in the enrollement request\n", filename);
- } else {
- if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ break;
+ case DELETE_MOK:
+ if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListRT"))
printf ("SKIP: %s is not in MokList\n", filename);
- else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokDel"))
printf ("SKIP: %s is already in the deletion request\n", filename);
+ break;
+ case ENROLL_BLACKLIST:
+ if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListXRT"))
+ printf ("SKIP: %s is already in MokListX\n", filename);
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokXNew"))
+ printf ("SKIP: %s is already in the MokX enrollment request\n", filename);
+ break;
+ case DELETE_BLACKLIST:
+ if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListXRT"))
+ printf ("SKIP: %s is not in MokListX\n", filename);
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokXDel"))
+ printf ("SKIP: %s is already in the MokX deletion request\n", filename);
+ break;
}
}
@@ -1251,7 +1268,7 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
printf ("Removed %s from %s\n", files[i], reverse_req);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
} else {
- print_skip_message (files[i], ptr, sizes[i], import);
+ print_skip_message (files[i], ptr, sizes[i], req);
ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
}
--
1.8.4.5


@ -1,28 +0,0 @@
From 0806111a850304a0490376d568ea5bf74fcdbd04 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 10 Apr 2014 12:37:54 +0800
Subject: [PATCH] Don't import an invalid x509 cert
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 6792823..cdb5739 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1265,8 +1265,9 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
goto error;
}
if (!is_valid_cert (ptr, read_size)) {
- fprintf (stderr, "Warning!!! %s is not a valid x509 certificate in DER format\n",
+ fprintf (stderr, "Abort!!! %s is not a valid x509 certificate in DER format\n",
files[i]);
+ goto error;
}
if (is_valid_request (EfiCertX509Guid, ptr, sizes[i], req)) {
--
1.8.4.5


@ -1,7 +1,7 @@
From 0ebfada39e35d3366dfce45158a33f7624907d1f Mon Sep 17 00:00:00 2001 From fe695869306567a1ae6c7ddbd87c2fbdc4a5bba1 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com> From: Gary Ching-Pang Lin <glin@suse.com>
Date: Fri, 21 Feb 2014 17:56:55 +0800 Date: Fri, 21 Feb 2014 17:56:55 +0800
Subject: [PATCH] Add the option to revoke the built-in certificate Subject: [PATCH 1/2] Add the option to revoke the built-in certificate
This is an openSUSE-only patch. This is an openSUSE-only patch.
@ -13,10 +13,10 @@ revoke the built-in certificate.
1 file changed, 82 insertions(+) 1 file changed, 82 insertions(+)
diff --git a/src/mokutil.c b/src/mokutil.c diff --git a/src/mokutil.c b/src/mokutil.c
index 1c32313..14adae7 100644 index 5b34f22..ab3d04f 100644
--- a/src/mokutil.c --- a/src/mokutil.c
+++ b/src/mokutil.c +++ b/src/mokutil.c
@@ -83,6 +83,7 @@ EFI_GUID (0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, @@ -83,6 +83,7 @@
#define IMPORT_HASH (1 << 21) #define IMPORT_HASH (1 << 21)
#define DELETE_HASH (1 << 22) #define DELETE_HASH (1 << 22)
#define VERBOSITY (1 << 23) #define VERBOSITY (1 << 23)
@ -24,7 +24,7 @@ index 1c32313..14adae7 100644
#define DEFAULT_CRYPT_METHOD SHA512_BASED #define DEFAULT_CRYPT_METHOD SHA512_BASED
#define DEFAULT_SALT_SIZE SHA512_SALT_MAX #define DEFAULT_SALT_SIZE SHA512_SALT_MAX
@@ -151,6 +152,7 @@ print_help () @@ -156,6 +157,7 @@ print_help ()
printf (" --kek\t\t\t\t\tList the keys in KEK\n"); printf (" --kek\t\t\t\t\tList the keys in KEK\n");
printf (" --db\t\t\t\t\tList the keys in db\n"); printf (" --db\t\t\t\t\tList the keys in db\n");
printf (" --dbx\t\t\t\t\tList the keys in dbx\n"); printf (" --dbx\t\t\t\t\tList the keys in dbx\n");
@ -32,7 +32,7 @@ index 1c32313..14adae7 100644
printf ("\n"); printf ("\n");
printf ("Supplimentary Options:\n"); printf ("Supplimentary Options:\n");
printf (" --hash-file <hash file>\t\tUse the specific password hash\n"); printf (" --hash-file <hash file>\t\tUse the specific password hash\n");
@@ -1903,6 +1905,79 @@ set_verbosity (uint8_t verbosity) @@ -1994,6 +1996,79 @@ set_verbosity (uint8_t verbosity)
return 0; return 0;
} }
@ -112,7 +112,7 @@ index 1c32313..14adae7 100644
static inline int static inline int
list_db (DBName db_name) list_db (DBName db_name)
{ {
@@ -1974,6 +2049,7 @@ main (int argc, char *argv[]) @@ -2070,6 +2145,7 @@ main (int argc, char *argv[])
{"kek", no_argument, 0, 0 }, {"kek", no_argument, 0, 0 },
{"db", no_argument, 0, 0 }, {"db", no_argument, 0, 0 },
{"dbx", no_argument, 0, 0 }, {"dbx", no_argument, 0, 0 },
@ -120,7 +120,7 @@ index 1c32313..14adae7 100644
{0, 0, 0, 0} {0, 0, 0, 0}
}; };
@@ -2061,6 +2137,8 @@ main (int argc, char *argv[]) @@ -2157,6 +2233,8 @@ main (int argc, char *argv[])
command |= LIST_ENROLLED; command |= LIST_ENROLLED;
db_name = DBX; db_name = DBX;
} }
@ -129,7 +129,7 @@ index 1c32313..14adae7 100644
} }
break; break;
@@ -2303,6 +2381,10 @@ main (int argc, char *argv[]) @@ -2416,6 +2494,10 @@ main (int argc, char *argv[])
case VERBOSITY: case VERBOSITY:
ret = set_verbosity (verbosity); ret = set_verbosity (verbosity);
break; break;
@ -143,3 +143,98 @@ index 1c32313..14adae7 100644
-- --
1.8.4.5 1.8.4.5
From 09ac7c76b0c313abc664fe104bc32d89df0e0976 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 4 Nov 2014 14:50:36 +0800
Subject: [PATCH 2/2] Use the efivar functions to access UEFI variables
This is an openSUSE-only patch.
Adapt the changes in the mainline.
---
src/mokutil.c | 45 +++++++++++++++++++++++++--------------------
1 file changed, 25 insertions(+), 20 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index ab3d04f..9dcf4f1 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1999,28 +1999,35 @@ set_verbosity (uint8_t verbosity)
static int
revoke_builtin_cert (void)
{
- efi_variable_t var;
+ uint32_t attributes;
+ size_t data_size;
+ uint8_t *data;
pw_crypt_t pw_crypt;
uint8_t auth[SHA256_DIGEST_LENGTH];
char *password = NULL;
- int pw_len;
+ unsigned int pw_len;
int auth_ret;
int ret = -1;
/* Check use_openSUSE_cert */
- memset (&var, 0, sizeof(var));
- var.VariableName = "use_openSUSE_cert";
- var.VendorGuid = SHIM_LOCK_GUID;
+ if (efi_get_variable (efi_guid_shim, "use_openSUSE_cert",
+ &data, &data_size, &attributes) < 0) {
+ fprintf (stderr, "Failed to get use_openSUSE_cert\n");
+ return 0;
+ }
- if (read_variable (&var) != EFI_SUCCESS)
+ if (data_size != 1) {
+ free (data);
+ fprintf (stderr, "Invalid variable: use_openSUSE_cert\n");
return 0;
+ }
- if ((uint8_t)*var.Data != 1) {
- free (var.Data);
+ if (*data != 1) {
+ free (data);
fprintf (stderr, "The built-in certificate is already revoked.\n");
return 0;
}
- free (var.Data);
+ free (data);
memset (&pw_crypt, 0, sizeof(pw_crypt_t));
memset (auth, 0, SHA256_DIGEST_LENGTH);
@@ -2043,20 +2050,18 @@ revoke_builtin_cert (void)
}
if (!use_simple_hash) {
- var.Data = (void *)&pw_crypt;
- var.DataSize = PASSWORD_CRYPT_SIZE;
+ data = (uint8_t *)&pw_crypt;
+ data_size = PASSWORD_CRYPT_SIZE;
} else {
- var.Data = (void *)auth;
- var.DataSize = SHA256_DIGEST_LENGTH;
+ data = auth;
+ data_size = SHA256_DIGEST_LENGTH;
}
- var.VariableName = "ClearVerify";
-
- var.VendorGuid = SHIM_LOCK_GUID;
- var.Attributes = EFI_VARIABLE_NON_VOLATILE
- | EFI_VARIABLE_BOOTSERVICE_ACCESS
- | EFI_VARIABLE_RUNTIME_ACCESS;
+ attributes = EFI_VARIABLE_NON_VOLATILE
+ | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ | EFI_VARIABLE_RUNTIME_ACCESS;
- if (edit_protected_variable (&var) != EFI_SUCCESS) {
+ if (efi_set_variable (efi_guid_shim, "ClearVerify",
+ data, data_size, attributes) < 0) {
fprintf (stderr, "Failed to write ClearVerify\n");
goto error;
}
--
1.8.4.5
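Review bot: In `revoke_builtin_cert` (the added PATCH 2/2), the two new failure paths print an error to stderr and then `return 0`: the `efi_get_variable (...) < 0` branch and the `data_size != 1` branch. That is the same value the "already revoked" branch returns, while `ret` is initialised to -1 for errors, so a caller checking the result cannot tell a failed or malformed read of `use_openSUSE_cert` from a normal outcome. The old code also returned 0 when the read failed, so this may be deliberate ("nothing to revoke"); if it is, a comment such as `/* variable absent: nothing to revoke, not an error */` would make that clear. Otherwise both branches should use `return -1;`. The function continues outside the hunks, so how the return value is consumed is not visible here.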


@ -1,853 +0,0 @@
From 9bbf4150add7de95bfeed8515aa9d9d63977ebd4 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 25 Sep 2013 18:04:29 +0800
Subject: [PATCH 01/10] Update the copyright declaration
Allow the binary to be linked with openssl
---
src/efi.h | 47 +++++++++++++++++++++++++++++------------------
src/efilib.c | 17 +++++++++++++++++
src/mokutil.c | 14 ++++++++++++++
src/password-crypt.c | 14 ++++++++++++++
src/password-crypt.h | 14 ++++++++++++++
src/signature.h | 30 ++++++++++++++++++++++++++++++
6 files changed, 118 insertions(+), 18 deletions(-)
diff --git a/src/efi.h b/src/efi.h
index 7930a94..a622a2b 100644
--- a/src/efi.h
+++ b/src/efi.h
@@ -1,22 +1,33 @@
/*
- efi.h - Extensible Firmware Interface definitions
-
- Copyright (C) 2001, 2003 Dell Computer Corporation <Matt_Domsch@dell.com>
- Copyright (C) 2012 Gary Lin <glin@suse.com>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Copyright (C) 2001, 2003 Dell Computer Corporation <Matt_Domsch@dell.com>
+ * Copyright (C) 2012-2013 Gary Lin <glin@suse.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ *
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
*/
#ifndef EFI_H
diff --git a/src/efilib.c b/src/efilib.c
index c2336f9..6db914f 100644
--- a/src/efilib.c
+++ b/src/efilib.c
@@ -14,6 +14,23 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ *
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ *
* A part of the source code is copied from efibootmgr
*/
#include <sys/types.h>
diff --git a/src/mokutil.c b/src/mokutil.c
index e7ea08f..109a3eb 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -14,6 +14,20 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ *
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
*/
#include <stdio.h>
#include <stdlib.h>
diff --git a/src/password-crypt.c b/src/password-crypt.c
index a1d213b..7fbc3b6 100644
--- a/src/password-crypt.c
+++ b/src/password-crypt.c
@@ -13,6 +13,20 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ *
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
*/
#include <string.h>
#include <stdlib.h>
diff --git a/src/password-crypt.h b/src/password-crypt.h
index b694ac1..04451b4 100644
--- a/src/password-crypt.h
+++ b/src/password-crypt.h
@@ -13,6 +13,20 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ *
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
*/
#ifndef __PASSWORD_CRYPT_H__
#define __PASSWORD_CRYPT_H__
diff --git a/src/signature.h b/src/signature.h
index f795f14..df88e98 100644
--- a/src/signature.h
+++ b/src/signature.h
@@ -1,3 +1,33 @@
+/**
+ * Copyright (C) 2012-2013 Gary Lin <glin@suse.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ *
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
#define SHA256_DIGEST_SIZE 32
#define EfiHashSha1Guid EFI_GUID (0x826ca512, 0xcf10, 0x4ac9, 0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd)
--
1.8.1.4
From dcb76ee1e91c02a026bc0b0b8d02dac71d3c85e1 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Wed, 2 Oct 2013 13:09:20 -0400
Subject: [PATCH 02/10] Add support for disabling/enabling the use of DB for
verification
This lets a user disable the use of DB for verification purposes. The new
options "--ignore-db" and "--use-db" toggle the state of this. This sets
a UEFI variable called MokDB that makes MokManager prompt the user to approve
the setting after a reboot.
We refactor MokSBVar to MokToggleVar and set_validation to set_toggle, as
both MokDB and MokSB are really just toggle variables.
---
src/mokutil.c | 54 +++++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 41 insertions(+), 13 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 109a3eb..41bd8eb 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -76,6 +76,8 @@ EFI_GUID (0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b,
#define RESET (1 << 15)
#define GENERATE_PW_HASH (1 << 16)
#define SIMPLE_HASH (1 << 17)
+#define IGNORE_DB (1 << 18)
+#define USE_DB (1 << 19)
#define DEFAULT_CRYPT_METHOD SHA512_BASED
#define DEFAULT_SALT_SIZE SHA512_SALT_MAX
@@ -90,10 +92,10 @@ typedef struct {
} MokListNode;
typedef struct {
- uint32_t mok_sb_state;
+ uint32_t mok_toggle_state;
uint32_t password_length;
uint16_t password[SB_PASSWORD_MAX];
-} MokSBVar;
+} MokToggleVar;
static void
print_help ()
@@ -119,6 +121,8 @@ print_help ()
printf (" --test-key <der file>\t\t\tTest if the key is enrolled or not\n");
printf (" --reset\t\t\t\tReset MOK list\n");
printf (" --generate-hash[=password]\t\tGenerate the password hash\n");
+ printf (" --ignore-db\t\t\t\tIgnore DB for validation\n");
+ printf (" --use-db\t\t\t\tUse DB for validation\n");
printf ("\n");
printf ("Supplimentary Options:\n");
printf (" --hash-file <hash file>\t\tUse the specific password hash\n");
@@ -1108,10 +1112,10 @@ error:
}
static int
-set_validation (uint32_t state)
+set_toggle (const char * VarName, uint32_t state)
{
efi_variable_t var;
- MokSBVar sbvar;
+ MokToggleVar tvar;
char *password = NULL;
int pw_len;
efi_char16_t efichar_pass[SB_PASSWORD_MAX];
@@ -1123,26 +1127,26 @@ set_validation (uint32_t state)
goto error;
}
- sbvar.password_length = pw_len;
+ tvar.password_length = pw_len;
efichar_from_char (efichar_pass, password,
SB_PASSWORD_MAX * sizeof(efi_char16_t));
- memcpy(sbvar.password, efichar_pass,
+ memcpy(tvar.password, efichar_pass,
SB_PASSWORD_MAX * sizeof(efi_char16_t));
- sbvar.mok_sb_state = state;
+ tvar.mok_toggle_state = state;
- var.VariableName = "MokSB";
+ var.VariableName = VarName;
var.VendorGuid = SHIM_LOCK_GUID;
- var.Data = (void *)&sbvar;
- var.DataSize = sizeof(sbvar);
+ var.Data = (void *)&tvar;
+ var.DataSize = sizeof(tvar);
var.Attributes = EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS;
if (edit_protected_variable (&var) != EFI_SUCCESS) {
- fprintf (stderr, "Failed to request new SB state\n");
+ fprintf (stderr, "Failed to request new %s state\n", VarName);
goto error;
}
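Review bot: `tvar` is written out whole (`var.DataSize = sizeof(tvar)`) after a fixed-size `memcpy` of `SB_PASSWORD_MAX` characters, so every slot of `efichar_pass` beyond `pw_len` ends up in a non-volatile UEFI variable as it stands. Whether `efichar_from_char` zero-fills the remainder is not visible in this hunk; if it does not, uninitialised stack content is persisted alongside the password. Zeroing both buffers before they are filled, `memset (&tvar, 0, sizeof(tvar));` and `memset (efichar_pass, 0, sizeof(efichar_pass));`, removes the dependency on the helper. The body of `set_toggle` starts and ends outside the hunk, so the cleanup at `error:` could not be checked here.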
@@ -1156,13 +1160,13 @@ error:
static int
disable_validation()
{
- return set_validation(0);
+ return set_toggle("MokSB", 0);
}
static int
enable_validation()
{
- return set_validation(1);
+ return set_toggle("MokSB", 1);
}
static int
@@ -1195,6 +1199,18 @@ sb_state ()
}
static int
+disable_db()
+{
+ return set_toggle("MokDB", 0);
+}
+
+static int
+enable_db()
+{
+ return set_toggle("MokDB", 1);
+}
+
+static int
test_key (const char *key_file)
{
struct stat buf;
@@ -1346,6 +1362,8 @@ main (int argc, char *argv[])
{"generate-hash", optional_argument, 0, 'g'},
{"root-pw", no_argument, 0, 'P'},
{"simple-hash", no_argument, 0, 's'},
+ {"ignore-db", no_argument, 0, 0 },
+ {"use-db", no_argument, 0, 0 },
{0, 0, 0, 0}
};
@@ -1377,6 +1395,10 @@ main (int argc, char *argv[])
command |= SB_STATE;
} else if (strcmp (option, "reset") == 0) {
command |= RESET;
+ } else if (strcmp (option, "ignore-db") == 0) {
+ command |= IGNORE_DB;
+ } else if (strcmp (option, "use-db") == 0) {
+ command |= USE_DB;
}
break;
case 'd':
@@ -1523,6 +1545,12 @@ main (int argc, char *argv[])
case GENERATE_PW_HASH:
ret = generate_pw_hash (input_pw);
break;
+ case IGNORE_DB:
+ ret = disable_db ();
+ break;
+ case USE_DB:
+ ret = enable_db ();
+ break;
default:
print_help ();
break;
--
1.8.1.4
From 2cc44c8e18c48a6985265fd3173e156280d1ec59 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 15 Nov 2013 09:41:41 -0500
Subject: [PATCH 03/10] Free mok lists we've allocated in our error paths.
Coverity says they're leaking, and it's right, though I suspect we just
exit anyway.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/mokutil.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/mokutil.c b/src/mokutil.c
index 41bd8eb..566c14e 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -343,6 +343,7 @@ delete_key_from_list (void *mok, uint32_t mok_size,
ret = 1;
done:
+ free (list);
free (var.Data);
return ret;
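Review bot: The added `free (list);` at `done:` is only safe if `list` is initialised to `NULL` where it is declared, because a `goto done` taken before the list has been built would otherwise pass an indeterminate pointer to free(). The declaration is outside the hunk, so this could not be confirmed; if it is not already there, the declaration needs `= NULL`. The same applies to the `free (list);` added in `is_duplicate` and in `export_moks` in the two hunks below.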
@@ -763,6 +764,7 @@ is_duplicate (const void *cert, const uint32_t cert_size, const char *db_name,
}
done:
+ free (list);
free (var.Data);
return ret;
@@ -1037,6 +1039,7 @@ export_moks ()
ret = 0;
error:
+ free (list);
free (var.Data);
return ret;
--
1.8.1.4
From 86007043adb5bbd2dd0e206998a16783779f9bd3 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 15 Nov 2013 09:43:57 -0500
Subject: [PATCH 04/10] Don't close file descriptors < 0.
Coverity complains, though you'll just get EBADFD.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/mokutil.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 566c14e..4f9b288 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1256,7 +1256,8 @@ error:
if (key)
free (key);
- close (fd);
+ if (fd >= 0)
+ close (fd);
return ret;
}
--
1.8.1.4
From 11d68c32f35306dd475d429ba8fbc127a1c77f44 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 15 Nov 2013 09:48:32 -0500
Subject: [PATCH 05/10] Error check reading hash from file.
Coverity noticed that if read() returns error, we're doing string[-1].
We're also only reading some of the file in some cases. Replaced this
with a proper read loop.
Also we were overrunning the string by one byte.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/mokutil.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 4f9b288..2a5e72f 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -29,6 +29,7 @@
* version. If you delete this exception statement from all source
* files in the program, then also delete it here.
*/
+#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -567,7 +568,7 @@ static int
get_hash_from_file (const char *file, pw_crypt_t *pw_crypt)
{
char string[300];
- ssize_t read_len;
+ ssize_t read_len = 0;
int fd;
fd = open (file, O_RDONLY);
@@ -575,10 +576,23 @@ get_hash_from_file (const char *file, pw_crypt_t *pw_crypt)
fprintf (stderr, "Failed to open %s\n", file);
return -1;
}
- read_len = read (fd, string, 300);
+
+ while (read_len < 300) {
+ int rc = read (fd, string + read_len, 300 - read_len);
+ if (rc == EAGAIN)
+ continue;
+ if (rc < 0) {
+ fprintf (stderr, "Failed to read %s: %m\n", file);
+ close (fd);
+ return -1;
+ }
+ if (rc == 0)
+ break;
+ read_len += rc;
+ }
close (fd);
- if (string[read_len] != '\0') {
+ if (string[read_len-1] != '\0') {
fprintf (stderr, "corrupted string\n");
return -1;
}
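Review bot: `if (rc == EAGAIN)` compares the byte count returned by read() with an errno constant; a failed read() returns -1 and reports the reason in `errno`, so this branch never catches an interrupted call, and a read that happens to return exactly that many bytes is silently dropped. The check should be `if (rc < 0 && (errno == EINTR || errno == EAGAIN)) continue;`. Separately, an empty file leaves `read_len` at 0, and `string[read_len-1]` then reads one byte before the buffer, so the termination test should be `if (read_len == 0 || string[read_len-1] != '\0')`. `rc` would also be better declared as `ssize_t` to match read(). The function begins in the previous hunk.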
--
1.8.1.4
From 97b09b346640ea74e7d51c9b59247cd75836c453 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 15 Nov 2013 10:01:35 -0500
Subject: [PATCH 06/10] Use a read/realloc loop to avoid a race condition on
stat()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Coverity says:
4. shim-0.7/mokutil-0.2.0/src/mokutil.c:1228:toctou Calling function
"open(char const *, int, ...)" that uses "key_file" after a check
function. This can cause a time-of-check, time-of-use race condition.
So with the new code we'll probably get garbage if somebody tries racing
that for some reason, but at least it'll be consistent garbage :)
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/mokutil.c | 35 ++++++++++++++++++++++++++---------
1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 2a5e72f..f29b57d 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1227,6 +1227,30 @@ enable_db()
return set_toggle("MokDB", 1);
}
+static inline int
+read_file(int fd, char **bufp, size_t *lenptr) {
+ int alloced = 0, size = 0, i = 0;
+ char * buf = NULL;
+
+ do {
+ size += i;
+ if ((size + 1024) > alloced) {
+ alloced += 4096;
+ buf = realloc (buf, alloced + 1);
+ }
+ } while ((i = read (fd, buf + size, 1024)) > 0);
+
+ if (i < 0) {
+ free (buf);
+ return -1;
+ }
+
+ *bufp = buf;
+ *lenptr = size;
+
+ return 0;
+}
+
static int
test_key (const char *key_file)
{
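Review bot: The result of `realloc` in `read_file` is assigned straight back to `buf` and never checked, so on allocation failure the previous buffer is leaked and `buf + size` is computed from a null pointer before read() is called. Assign the result to a temporary, and on failure free the old buffer and return -1. `alloced` and `size` are `int` and grow with the input, so a very large or endless input (a FIFO, for example) can overflow them; `size_t` with an upper bound on the accepted size would be safer for a file that is parsed as a key. The same loop is carried unchanged through the two later patches that touch `read_file`.

```c
/* … unchanged: read_file signature and declarations … */
	do {
		size += i;
		if ((size + 1024) > alloced) {
			char *tmp;

			alloced += 4096;
			tmp = realloc (buf, alloced + 1);
			if (tmp == NULL) {
				free (buf);
				return -1;
			}
			buf = tmp;
		}
	} while ((i = read (fd, buf + size, 1024)) > 0);
/* … unchanged: check of i, *bufp and *lenptr assignment … */
```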
@@ -1235,21 +1259,14 @@ test_key (const char *key_file)
ssize_t read_size;
int fd, ret = -1;
- if (stat (key_file, &buf) != 0) {
- fprintf (stderr, "Failed to get file status, %s\n", key_file);
- return -1;
- }
-
- key = malloc (buf.st_size);
-
fd = open (key_file, O_RDONLY);
if (fd < 0) {
fprintf (stderr, "Failed to open %s\n", key_file);
goto error;
}
- read_size = read (fd, key, buf.st_size);
- if (read_size < 0 || read_size != buf.st_size) {
+ int rc = read_file (fd, &key, &read_size);
+ if (rc < 0) {
fprintf (stderr, "Failed to read %s\n", key_file);
goto error;
}
--
1.8.1.4
From 5facb36c5320fe54d38ab081505259c962f8fadb Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 15 Nov 2013 10:04:06 -0500
Subject: [PATCH 07/10] Fix check for string termination that was actually a
NULL ptr check...
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Coverity says:
2. shim-0.7/mokutil-0.2.0/src/password-crypt.c:267:check_after_deref
Null-checking "tmp" suggests that it may be null, but it has already
been dereferenced on all paths leading to the check.
And:
2. shim-0.7/mokutil-0.2.0/src/password-crypt.c:215:check_after_deref
Null-checking "tmp" suggests that it may be null, but it has already
been dereferenced on all paths leading to the check.
But to me it looks like these were supposed to be checking for end-of-string
instead.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/password-crypt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/password-crypt.c b/src/password-crypt.c
index 7fbc3b6..17362f1 100644
--- a/src/password-crypt.c
+++ b/src/password-crypt.c
@@ -212,7 +212,7 @@ decode_sha256_pass (const char *string, pw_crypt_t *pw_crypt)
tmp = ptr;
if (strlen (ptr) > SHA256_B64_LENGTH) {
while (*tmp != '$') {
- if (tmp == '\0')
+ if (*tmp == '\0')
return -1;
count++;
tmp++;
@@ -264,7 +264,7 @@ decode_sha512_pass (const char *string, pw_crypt_t *pw_crypt)
tmp = ptr;
if (strlen (ptr) > SHA512_B64_LENGTH) {
while (*tmp != '$') {
- if (tmp == '\0')
+ if (*tmp == '\0')
return -1;
count++;
tmp++;
--
1.8.1.4
From fcae982278ee1399d44c10a162a825589f735b54 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 15 Nov 2013 10:23:03 -0500
Subject: [PATCH 08/10] Make generate_pw_hash() somewhat cleaner.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Coverity needlessly complains:
2. shim-0.7/mokutil-0.2.0/src/mokutil.c:1322:check_after_deref
Null-checking "password" suggests that it may be null, but it has
already been dereferenced on all paths leading to the check.
While this doesn't really make any difference, the whole ret and
error-path was overkill here, so I got rid of it.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/mokutil.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index f29b57d..c6cfb29 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1312,7 +1312,7 @@ generate_pw_hash (const char *input_pw)
char *crypt_string;
const char *prefix;
int prefix_len;
- int pw_len, salt_size, ret = -1;
+ int pw_len, salt_size;
if (input_pw) {
pw_len = strlen (input_pw);
@@ -1345,19 +1345,15 @@ generate_pw_hash (const char *input_pw)
settings[DEFAULT_SALT_SIZE + prefix_len] = '\0';
crypt_string = crypt (password, settings);
+ free (password);
if (!crypt_string) {
fprintf (stderr, "Failed to generate hash\n");
- goto error;
+ return -1;
}
printf ("%s\n", crypt_string);
- ret = 0;
-error:
- if (password)
- free (password);
-
- return ret;
+ return 0;
}
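Review bot: `free (password);` releases the buffer that held the plaintext password without clearing it first, so the secret remains in freed heap memory. Clearing it before the free with a routine the compiler cannot elide, for example `explicit_bzero (password, strlen (password));` where the libc provides it rather than a plain `memset`, would limit that exposure. How `password` is allocated and filled is outside this hunk, so the length to clear should be checked against that code.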
int
@@ -1489,6 +1485,10 @@ main (int argc, char *argv[])
break;
case 't':
key_file = strdup (optarg);
+ if (key_file == NULL) {
+ fprintf (stderr, "Could not allocate space: %m\n");
+ exit(1);
+ }
command |= TEST_KEY;
break;
--
1.8.1.4
From ab16ba45293896bc9e649d23e20ae4e39946f219 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Mon, 25 Nov 2013 16:55:23 +0800
Subject: [PATCH 09/10] Fix warnings from gcc
---
src/mokutil.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index c6cfb29..9aa4376 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1228,9 +1228,9 @@ enable_db()
}
static inline int
-read_file(int fd, char **bufp, size_t *lenptr) {
+read_file(int fd, void **bufp, size_t *lenptr) {
int alloced = 0, size = 0, i = 0;
- char * buf = NULL;
+ void * buf = NULL;
do {
size += i;
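Review bot: With `buf` changed to `void *`, the `buf + size` passed to read() further down in `read_file` (outside this hunk) becomes arithmetic on a void pointer, which is a GNU extension rather than standard C and is reported by `-Wpointer-arith`. Keeping the local as `char *buf` and widening only the parameter to `void **bufp` avoids that, since `*bufp = buf;` converts implicitly.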
@@ -1254,10 +1254,9 @@ read_file(int fd, char **bufp, size_t *lenptr) {
static int
test_key (const char *key_file)
{
- struct stat buf;
void *key = NULL;
- ssize_t read_size;
- int fd, ret = -1;
+ size_t read_size;
+ int fd, rc, ret = -1;
fd = open (key_file, O_RDONLY);
if (fd < 0) {
@@ -1265,7 +1264,7 @@ test_key (const char *key_file)
goto error;
}
- int rc = read_file (fd, &key, &read_size);
+ rc = read_file (fd, &key, &read_size);
if (rc < 0) {
fprintf (stderr, "Failed to read %s\n", key_file);
goto error;
--
1.8.1.4
From a1a7385419b45834a728464f36100fa1098b9741 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Mon, 25 Nov 2013 16:57:33 +0800
Subject: [PATCH 10/10] Fix the indentation
---
src/mokutil.c | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 9aa4376..e4e247c 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1229,26 +1229,26 @@ enable_db()
static inline int
read_file(int fd, void **bufp, size_t *lenptr) {
- int alloced = 0, size = 0, i = 0;
- void * buf = NULL;
-
- do {
- size += i;
- if ((size + 1024) > alloced) {
- alloced += 4096;
- buf = realloc (buf, alloced + 1);
- }
- } while ((i = read (fd, buf + size, 1024)) > 0);
+ int alloced = 0, size = 0, i = 0;
+ void * buf = NULL;
- if (i < 0) {
- free (buf);
- return -1;
- }
+ do {
+ size += i;
+ if ((size + 1024) > alloced) {
+ alloced += 4096;
+ buf = realloc (buf, alloced + 1);
+ }
+ } while ((i = read (fd, buf + size, 1024)) > 0);
- *bufp = buf;
- *lenptr = size;
+ if (i < 0) {
+ free (buf);
+ return -1;
+ }
+
+ *bufp = buf;
+ *lenptr = size;
- return 0;
+ return 0;
}
static int
--
1.8.1.4


@ -1,3 +1,20 @@
-------------------------------------------------------------------
Tue Nov 4 07:52:54 UTC 2014 - glin@suse.com
- Update to 0.3.0
- Add mokutil-fix-overflow.patch to fix the buffer overflow
- Drop upstreamed patches
+ mokutil-upstream-fixes.patch
+ mokutil-mokx-support.patch
+ mokutil-check-corrupted-key-list.patch
+ mokutil-check-secure-boot-support.patch
+ mokutil-clean-request.patch
+ mokutil-fix-hash-file-read.patch
+ mokutil-fix-hash-list-size.patch
+ mokutil-more-details-for-skipped-keys.patch
+ mokutil-no-invalid-x509.patch
- Refresh mokutil-support-revoke-builtin-cert.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Apr 16 04:11:50 UTC 2014 - glin@suse.com Wed Apr 16 04:11:50 UTC 2014 - glin@suse.com


@ -17,35 +17,21 @@
Name: mokutil Name: mokutil
Version: 0.2.0 Version: 0.3.0
Release: 0 Release: 0
Summary: Tools for manipulating machine owner keys Summary: Tools for manipulating machine owner keys
License: GPL-3.0 License: GPL-3.0
Group: Productivity/Security Group: Productivity/Security
Url: https://github.com/lcp/mokutil Url: https://github.com/lcp/mokutil
Source: %{name}-%{version}.tar.bz2 Source: %{name}-%{version}.tar.bz2
# PATCH-FIX-UPSTREAM mokutil-upstream-fixes.patch glin@suse.com -- Include upstream fixes for db signature check, gcc warnings, error handling # PATCH-FIX-UPSTREAM mokutil-fix-overflow.patch glin@suse.com -- Fix the potential buffer overflow
Patch1: mokutil-upstream-fixes.patch Patch1: mokutil-fix-overflow.patch
# PATCH-FIX-UPSTREAM mokutil-mokx-support.patch glin@suse.com -- Support the MOK blacklist # OPENSUSE ONLY
Patch2: mokutil-mokx-support.patch
# PATCH-FIX-UPSTREAM mokutil-fix-hash-list-size.patch glin@suse.com -- Update the list size after merging or deleting a hash
Patch3: mokutil-fix-hash-list-size.patch
# PATCH-FIX-UPSTREAM mokutil-clean-request.patch glin@suse.com -- Clear the request if all keys are removed
Patch4: mokutil-clean-request.patch
# PATCH-FIX-UPSTREAM mokutil-more-details-for-skipped-keys.patch glin@suse.com -- Be more verbose while skipping a key
Patch5: mokutil-more-details-for-skipped-keys.patch
# PATCH-FIX-UPSTREAM mokutil-check-secure-boot-support.patch glin@suse.com -- Check whether the system supports secure boot or not
Patch6: mokutil-check-secure-boot-support.patch
# PATCH-FIX-UPSTREAM mokutil-check-corrupted-key-list.patch glin@suse.com -- Add a check for corrupted list
Patch7: mokutil-check-corrupted-key-list.patch
# PATCH-FIX-UPSTREAM mokutil-no-invalid-x509.patch glin@suse.com -- Don't import an invalid x509 certificate
Patch8: mokutil-no-invalid-x509.patch
# PATCH-FIX-UPSTREAM mokutil-fix-hash-file-read.patch glin@suse.com -- Fix the error handling of reading a hash file
Patch9: mokutil-fix-hash-file-read.patch
# PATCH-FIX-OPENSUSE mokutil-support-revoke-builtin-cert.patch glin@suse.com -- Add an option to revoke the built-in certificate # PATCH-FIX-OPENSUSE mokutil-support-revoke-builtin-cert.patch glin@suse.com -- Add an option to revoke the built-in certificate
Patch100: mokutil-support-revoke-builtin-cert.patch Patch100: mokutil-support-revoke-builtin-cert.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: efivar-devel >= 0.12
BuildRequires: libopenssl-devel >= 0.9.8 BuildRequires: libopenssl-devel >= 0.9.8
BuildRequires: pkg-config BuildRequires: pkg-config
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -64,14 +50,6 @@ Authors:
%prep %prep
%setup -q %setup -q
%patch1 -p1 %patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch100 -p1 %patch100 -p1
%build %build