[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20231127025737.451718-1-a869920004@gmail.com>
Date: Mon, 27 Nov 2023 02:57:37 +0000
From: Yusong Gao <a869920004@...il.com>
To: juergh@...ton.me, jarkko@...nel.org
Cc: a869920004@...il.com, davem@...emloft.net, dhowells@...hat.com,
dimitri.ledkov@...onical.com, dwmw2@...radead.org,
herbert@...dor.apana.org.au, keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
lists@...ience.com, zohar@...ux.ibm.com
Subject: [PATCH v3] sign-file: Fix incorrect return values check
On Wed, Nov 22, 2023 at 3:21 PM Juerg Haefliger <juergh@...ton.me>
wrote:
>
> On Tue, 21 Nov 2023 03:40:44 +0000
> "Yusong Gao" <a869920004@...il.com> wrote:
>
> > There are some wrong return values check in sign-file when call
> > OpenSSL
> > API. The ERR() check cond is wrong because of the program only check
> > the
> > return value is < 0 instead of <= 0. For example:
> > 1. CMS_final() return 1 for success or 0 for failure.
> > 2. i2d_CMS_bio_stream() returns 1 for success or 0 for failure.
> > 3. i2d_TYPEbio() return 1 for success and 0 for failure.
> > 4. BIO_free() return 1 for success and 0 for failure.
>
> Good catch! In this case I'd probably be more strict and check for '!=
> 1'.
> See below.
>
> ...Juerg
>
>
> > Link: https://www.openssl.org/docs/manmaster/man3/
> > Fixes: e5a2e3c84782 ("scripts/sign-file.c: Add support for signing
> > with a raw signature")
> >
> > Signed-off-by: Yusong Gao <a869920004@...il.com>
> > ---
> > V1, V2: Clarify the description of git message.
> > ---
> > scripts/sign-file.c | 12 ++++++------
> > 1 file changed, 6 insertions(+), 6 deletions(-)
> >
> > diff --git a/scripts/sign-file.c b/scripts/sign-file.c
> > index 598ef5465f82..dcebbcd6bebd 100644
> > --- a/scripts/sign-file.c
> > +++ b/scripts/sign-file.c
> > @@ -322,7 +322,7 @@ int main(int argc, char **argv)
> > CMS_NOSMIMECAP | use_keyid |
> > use_signed_attrs),
> > "CMS_add1_signer");
> > - ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY)
> > < 0,
> > + ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY)
> > <= 0,
>
> ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) != 1,
>
>
> > "CMS_final");
> >
> > #else
> > @@ -341,10 +341,10 @@ int main(int argc, char **argv)
> > b = BIO_new_file(sig_file_name, "wb");
> > ERR(!b, "%s", sig_file_name);
> > #ifndef USE_PKCS7
> > - ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) < 0,
> > + ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) <= 0,
>
> ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) != 1,
>
>
> > "%s", sig_file_name);
> > #else
> > - ERR(i2d_PKCS7_bio(b, pkcs7) < 0,
> > + ERR(i2d_PKCS7_bio(b, pkcs7) <= 0,
>
> ERR(i2d_PKCS7_bio(b, pkcs7) != 1,
>
>
> > "%s", sig_file_name);
> > #endif
> > BIO_free(b);
> > @@ -374,9 +374,9 @@ int main(int argc, char **argv)
> >
> > if (!raw_sig) {
> > #ifndef USE_PKCS7
> > - ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s",
> > dest_name);
> > + ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) <= 0, "%s",
> > dest_name);
>
>
> ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) != 1, "%s", dest_name);
>
>
> > #else
> > - ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name);
> > + ERR(i2d_PKCS7_bio(bd, pkcs7) <= 0, "%s", dest_name);
>
> ERR(i2d_PKCS7_bio(bd, pkcs7) != 1, "%s", dest_name);
>
>
> > #endif
> > } else {
> > BIO *b;
> > @@ -396,7 +396,7 @@ int main(int argc, char **argv)
> > ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s",
> > dest_name);
> > ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0,
> > "%s", dest_name);
> >
> > - ERR(BIO_free(bd) < 0, "%s", dest_name);
> > + ERR(BIO_free(bd) <= 0, "%s", dest_name);
>
> ERR(BIO_free(bd) != 1, "%s", dest_name);
>
>
> >
> > /* Finally, if we're signing in place, replace the original.
> > */
> > if (replace_orig)
> > --
> > 2.34.1
> >
>
Agreed. Will do.
Thanks for your review.
BR, Yusong Gao
Powered by blists - more mailing lists