* scripts/sign-file.c: correct error handling
@ 2022-07-06 10:54 Ansgar Burchardt
0 siblings, 0 replies; only message in thread
From: Ansgar Burchardt @ 2022-07-06 10:54 UTC (permalink / raw)
To: keyrings
[-- Attachment #1: Type: text/plain, Size: 321 bytes --]
Hi,
The functions CMS_final, i2d_CMS_bio_stream, i2d_PKCS7_bio and
BIO_free all return 1 for success or 0 for failure. The old check
for a value less than 0 would never catch an error.
I tried signing a kernel module with the patched sign-file and that
still worked.
Ansgar
PS: Please CC me on replies.
[-- Attachment #2: 0001-sign-file-correct-error-handling.patch --]
[-- Type: text/plain, Size: 2071 bytes --]
From d11fb170c3ec172ce6707baab03b1499f14e0f20 Mon Sep 17 00:00:00 2001
From: Ansgar Burchardt <ansgar@43-1.org>
Date: Sun, 3 Jul 2022 11:17:50 +0200
Subject: [PATCH] sign-file: correct error handling
The functions CMS_final, i2d_CMS_bio_stream, i2d_PKCS7_bio and
BIO_free all return 1 for success or 0 for failure.
Signed-off-by: Ansgar Burchardt <ansgar@43-1.org>
---
scripts/sign-file.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 7434e9ea926e..4889f919ff8a 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -322,7 +322,7 @@ int main(int argc, char **argv)
CMS_NOSMIMECAP | use_keyid |
use_signed_attrs),
"CMS_add1_signer");
- ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0,
+ ERR(!CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY),
"CMS_final");
#else
@@ -341,10 +341,10 @@ int main(int argc, char **argv)
b = BIO_new_file(sig_file_name, "wb");
ERR(!b, "%s", sig_file_name);
#ifndef USE_PKCS7
- ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) < 0,
+ ERR(!i2d_CMS_bio_stream(b, cms, NULL, 0),
"%s", sig_file_name);
#else
- ERR(i2d_PKCS7_bio(b, pkcs7) < 0,
+ ERR(!i2d_PKCS7_bio(b, pkcs7),
"%s", sig_file_name);
#endif
BIO_free(b);
@@ -374,9 +374,9 @@ int main(int argc, char **argv)
if (!raw_sig) {
#ifndef USE_PKCS7
- ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name);
+ ERR(!i2d_CMS_bio_stream(bd, cms, NULL, 0), "%s", dest_name);
#else
- ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name);
+ ERR(!i2d_PKCS7_bio(bd, pkcs7), "%s", dest_name);
#endif
} else {
BIO *b;
@@ -396,7 +396,7 @@ int main(int argc, char **argv)
ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name);
ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name);
- ERR(BIO_free(bd) < 0, "%s", dest_name);
+ ERR(!BIO_free(bd), "%s", dest_name);
/* Finally, if we're signing in place, replace the original. */
if (replace_orig)
--
2.35.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2022-07-06 11:03 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-06 10:54 scripts/sign-file.c: correct error handling Ansgar Burchardt
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.