30ebafa53a
Include upstream patches and support MOK blacklist OBS-URL: https://build.opensuse.org/request/show/209457 OBS-URL: https://build.opensuse.org/package/show/Base:System/mokutil?expand=0&rev=12
From 9bbf4150add7de95bfeed8515aa9d9d63977ebd4 Mon Sep 17 00:00:00 2001
|
||
From: Gary Ching-Pang Lin <glin@suse.com>
|
||
Date: Wed, 25 Sep 2013 18:04:29 +0800
|
||
Subject: [PATCH 01/10] Update the copyright declaration
|
||
|
||
Allow the binary to be linked with openssl
|
||
---
|
||
src/efi.h | 47 +++++++++++++++++++++++++++++------------------
|
||
src/efilib.c | 17 +++++++++++++++++
|
||
src/mokutil.c | 14 ++++++++++++++
|
||
src/password-crypt.c | 14 ++++++++++++++
|
||
src/password-crypt.h | 14 ++++++++++++++
|
||
src/signature.h | 30 ++++++++++++++++++++++++++++++
|
||
6 files changed, 118 insertions(+), 18 deletions(-)
|
||
|
||
diff --git a/src/efi.h b/src/efi.h
|
||
index 7930a94..a622a2b 100644
|
||
--- a/src/efi.h
|
||
+++ b/src/efi.h
|
||
@@ -1,22 +1,33 @@
|
||
/*
|
||
- efi.h - Extensible Firmware Interface definitions
|
||
-
|
||
- Copyright (C) 2001, 2003 Dell Computer Corporation <Matt_Domsch@dell.com>
|
||
- Copyright (C) 2012 Gary Lin <glin@suse.com>
|
||
-
|
||
- This program is free software; you can redistribute it and/or modify
|
||
- it under the terms of the GNU General Public License as published by
|
||
- the Free Software Foundation; either version 2 of the License, or
|
||
- (at your option) any later version.
|
||
-
|
||
- This program is distributed in the hope that it will be useful,
|
||
- but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
- GNU General Public License for more details.
|
||
-
|
||
- You should have received a copy of the GNU General Public License
|
||
- along with this program; if not, write to the Free Software
|
||
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||
+ * Copyright (C) 2001, 2003 Dell Computer Corporation <Matt_Domsch@dell.com>
|
||
+ * Copyright (C) 2012-2013 Gary Lin <glin@suse.com>
|
||
+ *
|
||
+ * This program is free software: you can redistribute it and/or modify
|
||
+ * it under the terms of the GNU General Public License as published by
|
||
+ * the Free Software Foundation, either version 3 of the License, or
|
||
+ * (at your option) any later version.
|
||
+ *
|
||
+ * This program is distributed in the hope that it will be useful,
|
||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
+ * GNU General Public License for more details.
|
||
+ *
|
||
+ * You should have received a copy of the GNU General Public License
|
||
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||
+ *
|
||
+ * In addition, as a special exception, the copyright holders give
|
||
+ * permission to link the code of portions of this program with the
|
||
+ * OpenSSL library under certain conditions as described in each
|
||
+ * individual source file, and distribute linked combinations
|
||
+ * including the two.
|
||
+ *
|
||
+ * You must obey the GNU General Public License in all respects
|
||
+ * for all of the code used other than OpenSSL. If you modify
|
||
+ * file(s) with this exception, you may extend this exception to your
|
||
+ * version of the file(s), but you are not obligated to do so. If you
|
||
+ * do not wish to do so, delete this exception statement from your
|
||
+ * version. If you delete this exception statement from all source
|
||
+ * files in the program, then also delete it here.
|
||
*/
|
||
|
||
#ifndef EFI_H
|
||
diff --git a/src/efilib.c b/src/efilib.c
|
||
index c2336f9..6db914f 100644
|
||
--- a/src/efilib.c
|
||
+++ b/src/efilib.c
|
||
@@ -14,6 +14,23 @@
|
||
* You should have received a copy of the GNU General Public License
|
||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||
*
|
||
+ * You should have received a copy of the GNU General Public License
|
||
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||
+ *
|
||
+ * In addition, as a special exception, the copyright holders give
|
||
+ * permission to link the code of portions of this program with the
|
||
+ * OpenSSL library under certain conditions as described in each
|
||
+ * individual source file, and distribute linked combinations
|
||
+ * including the two.
|
||
+ *
|
||
+ * You must obey the GNU General Public License in all respects
|
||
+ * for all of the code used other than OpenSSL. If you modify
|
||
+ * file(s) with this exception, you may extend this exception to your
|
||
+ * version of the file(s), but you are not obligated to do so. If you
|
||
+ * do not wish to do so, delete this exception statement from your
|
||
+ * version. If you delete this exception statement from all source
|
||
+ * files in the program, then also delete it here.
|
||
+ *
|
||
* A part of the source code is copied from efibootmgr
|
||
*/
|
||
#include <sys/types.h>
|
||
diff --git a/src/mokutil.c b/src/mokutil.c
|
||
index e7ea08f..109a3eb 100644
|
||
--- a/src/mokutil.c
|
||
+++ b/src/mokutil.c
|
||
@@ -14,6 +14,20 @@
|
||
*
|
||
* You should have received a copy of the GNU General Public License
|
||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||
+ *
|
||
+ * In addition, as a special exception, the copyright holders give
|
||
+ * permission to link the code of portions of this program with the
|
||
+ * OpenSSL library under certain conditions as described in each
|
||
+ * individual source file, and distribute linked combinations
|
||
+ * including the two.
|
||
+ *
|
||
+ * You must obey the GNU General Public License in all respects
|
||
+ * for all of the code used other than OpenSSL. If you modify
|
||
+ * file(s) with this exception, you may extend this exception to your
|
||
+ * version of the file(s), but you are not obligated to do so. If you
|
||
+ * do not wish to do so, delete this exception statement from your
|
||
+ * version. If you delete this exception statement from all source
|
||
+ * files in the program, then also delete it here.
|
||
*/
|
||
#include <stdio.h>
|
||
#include <stdlib.h>
|
||
diff --git a/src/password-crypt.c b/src/password-crypt.c
|
||
index a1d213b..7fbc3b6 100644
|
||
--- a/src/password-crypt.c
|
||
+++ b/src/password-crypt.c
|
||
@@ -13,6 +13,20 @@
|
||
*
|
||
* You should have received a copy of the GNU General Public License
|
||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||
+ *
|
||
+ * In addition, as a special exception, the copyright holders give
|
||
+ * permission to link the code of portions of this program with the
|
||
+ * OpenSSL library under certain conditions as described in each
|
||
+ * individual source file, and distribute linked combinations
|
||
+ * including the two.
|
||
+ *
|
||
+ * You must obey the GNU General Public License in all respects
|
||
+ * for all of the code used other than OpenSSL. If you modify
|
||
+ * file(s) with this exception, you may extend this exception to your
|
||
+ * version of the file(s), but you are not obligated to do so. If you
|
||
+ * do not wish to do so, delete this exception statement from your
|
||
+ * version. If you delete this exception statement from all source
|
||
+ * files in the program, then also delete it here.
|
||
*/
|
||
#include <string.h>
|
||
#include <stdlib.h>
|
||
diff --git a/src/password-crypt.h b/src/password-crypt.h
|
||
index b694ac1..04451b4 100644
|
||
--- a/src/password-crypt.h
|
||
+++ b/src/password-crypt.h
|
||
@@ -13,6 +13,20 @@
|
||
*
|
||
* You should have received a copy of the GNU General Public License
|
||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||
+ *
|
||
+ * In addition, as a special exception, the copyright holders give
|
||
+ * permission to link the code of portions of this program with the
|
||
+ * OpenSSL library under certain conditions as described in each
|
||
+ * individual source file, and distribute linked combinations
|
||
+ * including the two.
|
||
+ *
|
||
+ * You must obey the GNU General Public License in all respects
|
||
+ * for all of the code used other than OpenSSL. If you modify
|
||
+ * file(s) with this exception, you may extend this exception to your
|
||
+ * version of the file(s), but you are not obligated to do so. If you
|
||
+ * do not wish to do so, delete this exception statement from your
|
||
+ * version. If you delete this exception statement from all source
|
||
+ * files in the program, then also delete it here.
|
||
*/
|
||
#ifndef __PASSWORD_CRYPT_H__
|
||
#define __PASSWORD_CRYPT_H__
|
||
diff --git a/src/signature.h b/src/signature.h
|
||
index f795f14..df88e98 100644
|
||
--- a/src/signature.h
|
||
+++ b/src/signature.h
|
||
@@ -1,3 +1,33 @@
|
||
+/**
|
||
+ * Copyright (C) 2012-2013 Gary Lin <glin@suse.com>
|
||
+ *
|
||
+ * This program is free software: you can redistribute it and/or modify
|
||
+ * it under the terms of the GNU General Public License as published by
|
||
+ * the Free Software Foundation, either version 3 of the License, or
|
||
+ * (at your option) any later version.
|
||
+ *
|
||
+ * This program is distributed in the hope that it will be useful,
|
||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
+ * GNU General Public License for more details.
|
||
+ *
|
||
+ * You should have received a copy of the GNU General Public License
|
||
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||
+ *
|
||
+ * In addition, as a special exception, the copyright holders give
|
||
+ * permission to link the code of portions of this program with the
|
||
+ * OpenSSL library under certain conditions as described in each
|
||
+ * individual source file, and distribute linked combinations
|
||
+ * including the two.
|
||
+ *
|
||
+ * You must obey the GNU General Public License in all respects
|
||
+ * for all of the code used other than OpenSSL. If you modify
|
||
+ * file(s) with this exception, you may extend this exception to your
|
||
+ * version of the file(s), but you are not obligated to do so. If you
|
||
+ * do not wish to do so, delete this exception statement from your
|
||
+ * version. If you delete this exception statement from all source
|
||
+ * files in the program, then also delete it here.
|
||
+ */
|
||
#define SHA256_DIGEST_SIZE 32
|
||
|
||
#define EfiHashSha1Guid EFI_GUID (0x826ca512, 0xcf10, 0x4ac9, 0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd)
|
||
--
|
||
1.8.1.4
|
||
|
||
|
||
From dcb76ee1e91c02a026bc0b0b8d02dac71d3c85e1 Mon Sep 17 00:00:00 2001
|
||
From: Josh Boyer <jwboyer@fedoraproject.org>
|
||
Date: Wed, 2 Oct 2013 13:09:20 -0400
|
||
Subject: [PATCH 02/10] Add support for disabling/enabling the use of DB for
|
||
verification
|
||
|
||
This lets a user disable the use of DB for verification purposes. The new
|
||
options "--ignore-db" and "--use-db" toggle the state of this. This sets
|
||
a UEFI variable called MokDB that makes MokManager prompt the user to approve
|
||
the setting after a reboot.
|
||
|
||
We refactor MokSBVar to MokToggleVar and set_validation to set_toggle, as
|
||
both MokDB and MokSB are really just toggle variables.
|
||
---
|
||
src/mokutil.c | 54 +++++++++++++++++++++++++++++++++++++++++-------------
|
||
1 file changed, 41 insertions(+), 13 deletions(-)
|
||
|
||
diff --git a/src/mokutil.c b/src/mokutil.c
|
||
index 109a3eb..41bd8eb 100644
|
||
--- a/src/mokutil.c
|
||
+++ b/src/mokutil.c
|
||
@@ -76,6 +76,8 @@ EFI_GUID (0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b,
|
||
#define RESET (1 << 15)
|
||
#define GENERATE_PW_HASH (1 << 16)
|
||
#define SIMPLE_HASH (1 << 17)
|
||
+#define IGNORE_DB (1 << 18)
|
||
+#define USE_DB (1 << 19)
|
||
|
||
#define DEFAULT_CRYPT_METHOD SHA512_BASED
|
||
#define DEFAULT_SALT_SIZE SHA512_SALT_MAX
|
||
@@ -90,10 +92,10 @@ typedef struct {
|
||
} MokListNode;
|
||
|
||
typedef struct {
|
||
- uint32_t mok_sb_state;
|
||
+ uint32_t mok_toggle_state;
|
||
uint32_t password_length;
|
||
uint16_t password[SB_PASSWORD_MAX];
|
||
-} MokSBVar;
|
||
+} MokToggleVar;
|
||
|
||
static void
|
||
print_help ()
|
||
@@ -119,6 +121,8 @@ print_help ()
|
||
printf (" --test-key <der file>\t\t\tTest if the key is enrolled or not\n");
|
||
printf (" --reset\t\t\t\tReset MOK list\n");
|
||
printf (" --generate-hash[=password]\t\tGenerate the password hash\n");
|
||
+ printf (" --ignore-db\t\t\t\tIgnore DB for validation\n");
|
||
+ printf (" --use-db\t\t\t\tUse DB for validation\n");
|
||
printf ("\n");
|
||
printf ("Supplimentary Options:\n");
|
||
printf (" --hash-file <hash file>\t\tUse the specific password hash\n");
|
||
@@ -1108,10 +1112,10 @@ error:
|
||
}
|
||
|
||
static int
|
||
-set_validation (uint32_t state)
|
||
+set_toggle (const char * VarName, uint32_t state)
|
||
{
|
||
efi_variable_t var;
|
||
- MokSBVar sbvar;
|
||
+ MokToggleVar tvar;
|
||
char *password = NULL;
|
||
int pw_len;
|
||
efi_char16_t efichar_pass[SB_PASSWORD_MAX];
|
||
@@ -1123,26 +1127,26 @@ set_validation (uint32_t state)
|
||
goto error;
|
||
}
|
||
|
||
- sbvar.password_length = pw_len;
|
||
+ tvar.password_length = pw_len;
|
||
|
||
efichar_from_char (efichar_pass, password,
|
||
SB_PASSWORD_MAX * sizeof(efi_char16_t));
|
||
|
||
- memcpy(sbvar.password, efichar_pass,
|
||
+ memcpy(tvar.password, efichar_pass,
|
||
SB_PASSWORD_MAX * sizeof(efi_char16_t));
|
||
|
||
- sbvar.mok_sb_state = state;
|
||
+ tvar.mok_toggle_state = state;
|
||
|
||
- var.VariableName = "MokSB";
|
||
+ var.VariableName = VarName;
|
||
var.VendorGuid = SHIM_LOCK_GUID;
|
||
- var.Data = (void *)&sbvar;
|
||
- var.DataSize = sizeof(sbvar);
|
||
+ var.Data = (void *)&tvar;
|
||
+ var.DataSize = sizeof(tvar);
|
||
var.Attributes = EFI_VARIABLE_NON_VOLATILE
|
||
| EFI_VARIABLE_BOOTSERVICE_ACCESS
|
||
| EFI_VARIABLE_RUNTIME_ACCESS;
|
||
|
||
if (edit_protected_variable (&var) != EFI_SUCCESS) {
|
||
- fprintf (stderr, "Failed to request new SB state\n");
|
||
+ fprintf (stderr, "Failed to request new %s state\n", VarName);
|
||
goto error;
|
||
}
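Review bot: `efichar_pass` is declared without an initializer (`efi_char16_t efichar_pass[SB_PASSWORD_MAX];` in the previous hunk) and the `memcpy` copies all `SB_PASSWORD_MAX * sizeof(efi_char16_t)` bytes of it into `tvar.password`, so whatever stack contents follow the converted password — presumably only `pw_len` characters are written by `efichar_from_char`, whose body is not in this patch — end up in the MokSB/MokDB variable and are persisted to NVRAM by `edit_protected_variable`. Zero both buffers before the conversion, `memset (&tvar, 0, sizeof tvar);` and `memset (efichar_pass, 0, sizeof efichar_pass);`, which also covers any trailing padding in `MokToggleVar`. `set_toggle` begins in the preceding hunk and its `error:` label lies past the end of this one.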
|
||
|
||
@@ -1156,13 +1160,13 @@ error:
|
||
static int
|
||
disable_validation()
|
||
{
|
||
- return set_validation(0);
|
||
+ return set_toggle("MokSB", 0);
|
||
}
|
||
|
||
static int
|
||
enable_validation()
|
||
{
|
||
- return set_validation(1);
|
||
+ return set_toggle("MokSB", 1);
|
||
}
|
||
|
||
static int
|
||
@@ -1195,6 +1199,18 @@ sb_state ()
|
||
}
|
||
|
||
static int
|
||
+disable_db()
|
||
+{
|
||
+ return set_toggle("MokDB", 0);
|
||
+}
|
||
+
|
||
+static int
|
||
+enable_db()
|
||
+{
|
||
+ return set_toggle("MokDB", 1);
|
||
+}
|
||
+
|
||
+static int
|
||
test_key (const char *key_file)
|
||
{
|
||
struct stat buf;
|
||
@@ -1346,6 +1362,8 @@ main (int argc, char *argv[])
|
||
{"generate-hash", optional_argument, 0, 'g'},
|
||
{"root-pw", no_argument, 0, 'P'},
|
||
{"simple-hash", no_argument, 0, 's'},
|
||
+ {"ignore-db", no_argument, 0, 0 },
|
||
+ {"use-db", no_argument, 0, 0 },
|
||
{0, 0, 0, 0}
|
||
};
|
||
|
||
@@ -1377,6 +1395,10 @@ main (int argc, char *argv[])
|
||
command |= SB_STATE;
|
||
} else if (strcmp (option, "reset") == 0) {
|
||
command |= RESET;
|
||
+ } else if (strcmp (option, "ignore-db") == 0) {
|
||
+ command |= IGNORE_DB;
|
||
+ } else if (strcmp (option, "use-db") == 0) {
|
||
+ command |= USE_DB;
|
||
}
|
||
break;
|
||
case 'd':
|
||
@@ -1523,6 +1545,12 @@ main (int argc, char *argv[])
|
||
case GENERATE_PW_HASH:
|
||
ret = generate_pw_hash (input_pw);
|
||
break;
|
||
+ case IGNORE_DB:
|
||
+ ret = disable_db ();
|
||
+ break;
|
||
+ case USE_DB:
|
||
+ ret = enable_db ();
|
||
+ break;
|
||
default:
|
||
print_help ();
|
||
break;
|
||
--
|
||
1.8.1.4
|
||
|
||
|
||
From 2cc44c8e18c48a6985265fd3173e156280d1ec59 Mon Sep 17 00:00:00 2001
|
||
From: Peter Jones <pjones@redhat.com>
|
||
Date: Fri, 15 Nov 2013 09:41:41 -0500
|
||
Subject: [PATCH 03/10] Free mok lists we've allocated in our error paths.
|
||
|
||
Coverity says they're leaking, and it's right, though I suspect we just
|
||
exit anyway.
|
||
|
||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||
---
|
||
src/mokutil.c | 3 +++
|
||
1 file changed, 3 insertions(+)
|
||
|
||
diff --git a/src/mokutil.c b/src/mokutil.c
|
||
index 41bd8eb..566c14e 100644
|
||
--- a/src/mokutil.c
|
||
+++ b/src/mokutil.c
|
||
@@ -343,6 +343,7 @@ delete_key_from_list (void *mok, uint32_t mok_size,
|
||
|
||
ret = 1;
|
||
done:
|
||
+ free (list);
|
||
free (var.Data);
|
||
|
||
return ret;
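Review bot: the added `free (list);` at `done:` is only safe if `list` is NULL on every path that reaches the label before the list is allocated; the declaration and the earlier `goto done` sites are outside the hunk, so this should be confirmed — a `goto done` taken after a failed variable read would otherwise pass an indeterminate pointer to `free`. The same check applies to the `free (list);` lines added in the `is_duplicate` and `export_moks` hunks below. If the declaration is not already of the form `list = NULL`, initialize it there. `delete_key_from_list` starts outside the hunk.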
|
||
@@ -763,6 +764,7 @@ is_duplicate (const void *cert, const uint32_t cert_size, const char *db_name,
|
||
}
|
||
|
||
done:
|
||
+ free (list);
|
||
free (var.Data);
|
||
|
||
return ret;
|
||
@@ -1037,6 +1039,7 @@ export_moks ()
|
||
|
||
ret = 0;
|
||
error:
|
||
+ free (list);
|
||
free (var.Data);
|
||
|
||
return ret;
|
||
--
|
||
1.8.1.4
|
||
|
||
|
||
From 86007043adb5bbd2dd0e206998a16783779f9bd3 Mon Sep 17 00:00:00 2001
|
||
From: Peter Jones <pjones@redhat.com>
|
||
Date: Fri, 15 Nov 2013 09:43:57 -0500
|
||
Subject: [PATCH 04/10] Don't close file descriptors < 0.
|
||
|
||
Coverity complains, though you'll just get EBADFD.
|
||
|
||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||
---
|
||
src/mokutil.c | 3 ++-
|
||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||
|
||
diff --git a/src/mokutil.c b/src/mokutil.c
|
||
index 566c14e..4f9b288 100644
|
||
--- a/src/mokutil.c
|
||
+++ b/src/mokutil.c
|
||
@@ -1256,7 +1256,8 @@ error:
|
||
if (key)
|
||
free (key);
|
||
|
||
- close (fd);
|
||
+ if (fd >= 0)
|
||
+ close (fd);
|
||
|
||
return ret;
|
||
}
|
||
--
|
||
1.8.1.4
|
||
|
||
|
||
From 11d68c32f35306dd475d429ba8fbc127a1c77f44 Mon Sep 17 00:00:00 2001
|
||
From: Peter Jones <pjones@redhat.com>
|
||
Date: Fri, 15 Nov 2013 09:48:32 -0500
|
||
Subject: [PATCH 05/10] Error check reading hash from file.
|
||
|
||
Coverity noticed that if read() returns error, we're doing string[-1].
|
||
We're also only reading some of the file in some cases. Replaced this
|
||
with a proper read loop.
|
||
|
||
Also we were overruning the string by one byte.
|
||
|
||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||
---
|
||
src/mokutil.c | 20 +++++++++++++++++---
|
||
1 file changed, 17 insertions(+), 3 deletions(-)
|
||
|
||
diff --git a/src/mokutil.c b/src/mokutil.c
|
||
index 4f9b288..2a5e72f 100644
|
||
--- a/src/mokutil.c
|
||
+++ b/src/mokutil.c
|
||
@@ -29,6 +29,7 @@
|
||
* version. If you delete this exception statement from all source
|
||
* files in the program, then also delete it here.
|
||
*/
|
||
+#include <errno.h>
|
||
#include <stdio.h>
|
||
#include <stdlib.h>
|
||
#include <string.h>
|
||
@@ -567,7 +568,7 @@ static int
|
||
get_hash_from_file (const char *file, pw_crypt_t *pw_crypt)
|
||
{
|
||
char string[300];
|
||
- ssize_t read_len;
|
||
+ ssize_t read_len = 0;
|
||
int fd;
|
||
|
||
fd = open (file, O_RDONLY);
|
||
@@ -575,10 +576,23 @@ get_hash_from_file (const char *file, pw_crypt_t *pw_crypt)
|
||
fprintf (stderr, "Failed to open %s\n", file);
|
||
return -1;
|
||
}
|
||
- read_len = read (fd, string, 300);
|
||
+
|
||
+ while (read_len < 300) {
|
||
+ int rc = read (fd, string + read_len, 300 - read_len);
|
||
+ if (rc == EAGAIN)
|
||
+ continue;
|
||
+ if (rc < 0) {
|
||
+ fprintf (stderr, "Failed to read %s: %m\n", file);
|
||
+ close (fd);
|
||
+ return -1;
|
||
+ }
|
||
+ if (rc == 0)
|
||
+ break;
|
||
+ read_len += rc;
|
||
+ }
|
||
close (fd);
|
||
|
||
- if (string[read_len] != '\0') {
|
||
+ if (string[read_len-1] != '\0') {
|
||
fprintf (stderr, "corrupted string\n");
|
||
return -1;
|
||
}
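Review bot: `if (rc == EAGAIN) continue;` compares the byte count returned by `read()` with an errno value, so a successful 11-byte read (`EAGAIN` is 11 on Linux) is treated as a retry and its bytes are overwritten by the next `read()`; `read()` reports EAGAIN by returning -1, so the test should be `if (rc < 0 && (errno == EAGAIN || errno == EINTR)) continue;` placed ahead of the `rc < 0` check. The empty-file case is also still unhandled: the loop exits with `read_len == 0` and `string[read_len-1]` reads `string[-1]`, the out-of-bounds read the commit set out to remove, so guard it with `if (read_len == 0 || string[read_len-1] != '\0')`. The `300` literal appears three times; `sizeof string` keeps the loop bound and the buffer in step. `get_hash_from_file` starts in the previous hunk and continues past this one.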
|
||
--
|
||
1.8.1.4
|
||
|
||
|
||
From 97b09b346640ea74e7d51c9b59247cd75836c453 Mon Sep 17 00:00:00 2001
|
||
From: Peter Jones <pjones@redhat.com>
|
||
Date: Fri, 15 Nov 2013 10:01:35 -0500
|
||
Subject: [PATCH 06/10] Use a read/realloc loop to avoid a race condition on
|
||
stat()
|
||
MIME-Version: 1.0
|
||
Content-Type: text/plain; charset=UTF-8
|
||
Content-Transfer-Encoding: 8bit
|
||
|
||
Coverity says:
|
||
4. shim-0.7/mokutil-0.2.0/src/mokutil.c:1228:toctou – Calling function
|
||
"open(char const *, int, ...)" that uses "key_file" after a check
|
||
function. This can cause a time-of-check, time-of-use race condition.
|
||
|
||
So with the new code we'll probably get garbage if somebody tries racing
|
||
that for some reason, but at least it'll be consistent garbage :)
|
||
|
||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||
---
|
||
src/mokutil.c | 35 ++++++++++++++++++++++++++---------
|
||
1 file changed, 26 insertions(+), 9 deletions(-)
|
||
|
||
diff --git a/src/mokutil.c b/src/mokutil.c
|
||
index 2a5e72f..f29b57d 100644
|
||
--- a/src/mokutil.c
|
||
+++ b/src/mokutil.c
|
||
@@ -1227,6 +1227,30 @@ enable_db()
|
||
return set_toggle("MokDB", 1);
|
||
}
|
||
|
||
+static inline int
|
||
+read_file(int fd, char **bufp, size_t *lenptr) {
|
||
+ int alloced = 0, size = 0, i = 0;
|
||
+ char * buf = NULL;
|
||
+
|
||
+ do {
|
||
+ size += i;
|
||
+ if ((size + 1024) > alloced) {
|
||
+ alloced += 4096;
|
||
+ buf = realloc (buf, alloced + 1);
|
||
+ }
|
||
+ } while ((i = read (fd, buf + size, 1024)) > 0);
|
||
+
|
||
+ if (i < 0) {
|
||
+ free (buf);
|
||
+ return -1;
|
||
+ }
|
||
+
|
||
+ *bufp = buf;
|
||
+ *lenptr = size;
|
||
+
|
||
+ return 0;
|
||
+}
|
||
+
|
||
static int
|
||
test_key (const char *key_file)
|
||
{
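Review bot: `buf = realloc (buf, alloced + 1);` overwrites the only pointer to the buffer without checking the result, so on allocation failure the previous block leaks and the next iteration's `read (fd, buf + size, 1024)` writes through a null pointer offset by `size`. Hold the result in a temporary and return with the old buffer freed; the counters should also be `size_t alloced = 0, size = 0;` with `ssize_t i = 0;` so the `int`/`size_t` mismatch against `*lenptr` goes away. The `+ 1` in the allocation suggests a terminator was intended, but nothing writes one; either drop it or add `/* buffer is not NUL-terminated */`. The loop also grows without bound for an arbitrarily large input file, so a documented upper limit on `size` would keep a bad path argument from exhausting memory.
```c
		if ((size + 1024) > alloced) {
			char *tmp = realloc (buf, alloced + 4096 + 1);
			if (!tmp) {
				free (buf);
				return -1;
			}
			buf = tmp;
			alloced += 4096;
		}
```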
|
||
@@ -1235,21 +1259,14 @@ test_key (const char *key_file)
|
||
ssize_t read_size;
|
||
int fd, ret = -1;
|
||
|
||
- if (stat (key_file, &buf) != 0) {
|
||
- fprintf (stderr, "Failed to get file status, %s\n", key_file);
|
||
- return -1;
|
||
- }
|
||
-
|
||
- key = malloc (buf.st_size);
|
||
-
|
||
fd = open (key_file, O_RDONLY);
|
||
if (fd < 0) {
|
||
fprintf (stderr, "Failed to open %s\n", key_file);
|
||
goto error;
|
||
}
|
||
|
||
- read_size = read (fd, key, buf.st_size);
|
||
- if (read_size < 0 || read_size != buf.st_size) {
|
||
+ int rc = read_file (fd, &key, &read_size);
|
||
+ if (rc < 0) {
|
||
fprintf (stderr, "Failed to read %s\n", key_file);
|
||
goto error;
|
||
}
|
||
--
|
||
1.8.1.4
|
||
|
||
|
||
From 5facb36c5320fe54d38ab081505259c962f8fadb Mon Sep 17 00:00:00 2001
|
||
From: Peter Jones <pjones@redhat.com>
|
||
Date: Fri, 15 Nov 2013 10:04:06 -0500
|
||
Subject: [PATCH 07/10] Fix check for string termination that was actually a
|
||
NULL ptr check...
|
||
MIME-Version: 1.0
|
||
Content-Type: text/plain; charset=UTF-8
|
||
Content-Transfer-Encoding: 8bit
|
||
|
||
Coverity says:
|
||
|
||
2. shim-0.7/mokutil-0.2.0/src/password-crypt.c:267:check_after_deref –
|
||
Null-checking "tmp" suggests that it may be null, but it has already
|
||
been dereferenced on all paths leading to the check.
|
||
|
||
And:
|
||
|
||
2. shim-0.7/mokutil-0.2.0/src/password-crypt.c:215:check_after_deref –
|
||
Null-checking "tmp" suggests that it may be null, but it has already
|
||
been dereferenced on all paths leading to the check.
|
||
|
||
But to me it looks like these were supposed to be checking for end-of-string
|
||
instead.
|
||
|
||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||
---
|
||
src/password-crypt.c | 4 ++--
|
||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||
|
||
diff --git a/src/password-crypt.c b/src/password-crypt.c
|
||
index 7fbc3b6..17362f1 100644
|
||
--- a/src/password-crypt.c
|
||
+++ b/src/password-crypt.c
|
||
@@ -212,7 +212,7 @@ decode_sha256_pass (const char *string, pw_crypt_t *pw_crypt)
|
||
tmp = ptr;
|
||
if (strlen (ptr) > SHA256_B64_LENGTH) {
|
||
while (*tmp != '$') {
|
||
- if (tmp == '\0')
|
||
+ if (*tmp == '\0')
|
||
return -1;
|
||
count++;
|
||
tmp++;
|
||
@@ -264,7 +264,7 @@ decode_sha512_pass (const char *string, pw_crypt_t *pw_crypt)
|
||
tmp = ptr;
|
||
if (strlen (ptr) > SHA512_B64_LENGTH) {
|
||
while (*tmp != '$') {
|
||
- if (tmp == '\0')
|
||
+ if (*tmp == '\0')
|
||
return -1;
|
||
count++;
|
||
tmp++;
|
||
--
|
||
1.8.1.4
|
||
|
||
|
||
From fcae982278ee1399d44c10a162a825589f735b54 Mon Sep 17 00:00:00 2001
|
||
From: Peter Jones <pjones@redhat.com>
|
||
Date: Fri, 15 Nov 2013 10:23:03 -0500
|
||
Subject: [PATCH 08/10] Make generate_pw_hash() somewhat cleaner.
|
||
MIME-Version: 1.0
|
||
Content-Type: text/plain; charset=UTF-8
|
||
Content-Transfer-Encoding: 8bit
|
||
|
||
Coverity needlessly complains:
|
||
|
||
2. shim-0.7/mokutil-0.2.0/src/mokutil.c:1322:check_after_deref –
|
||
Null-checking "password" suggests that it may be null, but it has
|
||
already been dereferenced on all paths leading to the check.
|
||
|
||
While this doesn't really make any difference, the whole ret and
|
||
error-path was overkill here, so I got rid of it.
|
||
|
||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||
---
|
||
src/mokutil.c | 16 ++++++++--------
|
||
1 file changed, 8 insertions(+), 8 deletions(-)
|
||
|
||
diff --git a/src/mokutil.c b/src/mokutil.c
|
||
index f29b57d..c6cfb29 100644
|
||
--- a/src/mokutil.c
|
||
+++ b/src/mokutil.c
|
||
@@ -1312,7 +1312,7 @@ generate_pw_hash (const char *input_pw)
|
||
char *crypt_string;
|
||
const char *prefix;
|
||
int prefix_len;
|
||
- int pw_len, salt_size, ret = -1;
|
||
+ int pw_len, salt_size;
|
||
|
||
if (input_pw) {
|
||
pw_len = strlen (input_pw);
|
||
@@ -1345,19 +1345,15 @@ generate_pw_hash (const char *input_pw)
|
||
settings[DEFAULT_SALT_SIZE + prefix_len] = '\0';
|
||
|
||
crypt_string = crypt (password, settings);
|
||
+ free (password);
|
||
if (!crypt_string) {
|
||
fprintf (stderr, "Failed to generate hash\n");
|
||
- goto error;
|
||
+ return -1;
|
||
}
|
||
|
||
printf ("%s\n", crypt_string);
|
||
|
||
- ret = 0;
|
||
-error:
|
||
- if (password)
|
||
- free (password);
|
||
-
|
||
- return ret;
|
||
+ return 0;
|
||
}
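Review bot: `free (password);` releases the plaintext password without wiping it, so the bytes remain in freed heap memory for the rest of the process; a plain `memset` before `free` can be optimized away, so prefer `explicit_bzero (password, pw_len);` (glibc 2.25+) or a volatile-pointer wipe. Whether `pw_len` holds the length of `password` in the prompt branch is decided above this hunk, so confirm that before relying on it. Moving the `free` ahead of the NULL test on `crypt_string` is correct because `crypt` returns a pointer to static storage, which deserves a one-line comment such as `/* crypt's result lives in static storage; password is no longer needed */`. `generate_pw_hash` starts in the previous hunk.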
|
||
|
||
int
|
||
@@ -1489,6 +1485,10 @@ main (int argc, char *argv[])
|
||
break;
|
||
case 't':
|
||
key_file = strdup (optarg);
|
||
+ if (key_file == NULL) {
|
||
+ fprintf (stderr, "Could not allocate space: %m\n");
|
||
+ exit(1);
|
||
+ }
|
||
|
||
command |= TEST_KEY;
|
||
break;
|
||
--
|
||
1.8.1.4
|
||
|
||
|
||
From ab16ba45293896bc9e649d23e20ae4e39946f219 Mon Sep 17 00:00:00 2001
|
||
From: Gary Ching-Pang Lin <glin@suse.com>
|
||
Date: Mon, 25 Nov 2013 16:55:23 +0800
|
||
Subject: [PATCH 09/10] Fix warnings from gcc
|
||
|
||
---
|
||
src/mokutil.c | 11 +++++------
|
||
1 file changed, 5 insertions(+), 6 deletions(-)
|
||
|
||
diff --git a/src/mokutil.c b/src/mokutil.c
|
||
index c6cfb29..9aa4376 100644
|
||
--- a/src/mokutil.c
|
||
+++ b/src/mokutil.c
|
||
@@ -1228,9 +1228,9 @@ enable_db()
|
||
}
|
||
|
||
static inline int
|
||
-read_file(int fd, char **bufp, size_t *lenptr) {
|
||
+read_file(int fd, void **bufp, size_t *lenptr) {
|
||
int alloced = 0, size = 0, i = 0;
|
||
- char * buf = NULL;
|
||
+ void * buf = NULL;
|
||
|
||
do {
|
||
size += i;
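Review bot: with `buf` now declared `void * buf = NULL;`, the `read (fd, buf + size, 1024)` later in `read_file` (outside this hunk) performs arithmetic on a `void *`, which ISO C does not permit and only compiles as a GNU extension. Keeping `buf` as `char *` internally and letting `*bufp = buf;` convert implicitly to `void *` satisfies both `-Wpointer-arith` and the caller's `void **`; alternatively cast at the use site, `read (fd, (char *)buf + size, 1024)`. `read_file` continues past the end of this hunk.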
|
||
@@ -1254,10 +1254,9 @@ read_file(int fd, char **bufp, size_t *lenptr) {
|
||
static int
|
||
test_key (const char *key_file)
|
||
{
|
||
- struct stat buf;
|
||
void *key = NULL;
|
||
- ssize_t read_size;
|
||
- int fd, ret = -1;
|
||
+ size_t read_size;
|
||
+ int fd, rc, ret = -1;
|
||
|
||
fd = open (key_file, O_RDONLY);
|
||
if (fd < 0) {
|
||
@@ -1265,7 +1264,7 @@ test_key (const char *key_file)
|
||
goto error;
|
||
}
|
||
|
||
- int rc = read_file (fd, &key, &read_size);
|
||
+ rc = read_file (fd, &key, &read_size);
|
||
if (rc < 0) {
|
||
fprintf (stderr, "Failed to read %s\n", key_file);
|
||
goto error;
|
||
--
|
||
1.8.1.4
|
||
|
||
|
||
From a1a7385419b45834a728464f36100fa1098b9741 Mon Sep 17 00:00:00 2001
|
||
From: Gary Ching-Pang Lin <glin@suse.com>
|
||
Date: Mon, 25 Nov 2013 16:57:33 +0800
|
||
Subject: [PATCH 10/10] Fix the indentation
|
||
|
||
---
|
||
src/mokutil.c | 34 +++++++++++++++++-----------------
|
||
1 file changed, 17 insertions(+), 17 deletions(-)
|
||
|
||
diff --git a/src/mokutil.c b/src/mokutil.c
|
||
index 9aa4376..e4e247c 100644
|
||
--- a/src/mokutil.c
|
||
+++ b/src/mokutil.c
|
||
@@ -1229,26 +1229,26 @@ enable_db()
|
||
|
||
static inline int
|
||
read_file(int fd, void **bufp, size_t *lenptr) {
|
||
- int alloced = 0, size = 0, i = 0;
|
||
- void * buf = NULL;
|
||
-
|
||
- do {
|
||
- size += i;
|
||
- if ((size + 1024) > alloced) {
|
||
- alloced += 4096;
|
||
- buf = realloc (buf, alloced + 1);
|
||
- }
|
||
- } while ((i = read (fd, buf + size, 1024)) > 0);
|
||
+ int alloced = 0, size = 0, i = 0;
|
||
+ void * buf = NULL;
|
||
|
||
- if (i < 0) {
|
||
- free (buf);
|
||
- return -1;
|
||
- }
|
||
+ do {
|
||
+ size += i;
|
||
+ if ((size + 1024) > alloced) {
|
||
+ alloced += 4096;
|
||
+ buf = realloc (buf, alloced + 1);
|
||
+ }
|
||
+ } while ((i = read (fd, buf + size, 1024)) > 0);
|
||
|
||
- *bufp = buf;
|
||
- *lenptr = size;
|
||
+ if (i < 0) {
|
||
+ free (buf);
|
||
+ return -1;
|
||
+ }
|
||
+
|
||
+ *bufp = buf;
|
||
+ *lenptr = size;
|
||
|
||
- return 0;
|
||
+ return 0;
|
||
}
|
||
|
||
static int
|
||
--
|
||
1.8.1.4