Re: [PATCH] verifiers: fix double close on pgp's sig file descriptor

Wed, 14 Nov 2018 08:24:18 -0800 

On Tue, Nov 13, 2018 at 02:31:18PM +0800, Michael Chang wrote:
> An error emerged as when I was tesing the verifiers branch, so instead
> of putting it in pgp prefix, the verifiers is used to reflect what the
> patch is based on.
>
> While running verify_detached, grub aborts with error.
>
> verify_detached /@/.snapshots/1/snapshot/boot/grub/grub.cfg
> /@/.snapshots/1/snapshot/boot/grub/grub.cfg.sig
>
> alloc magic is broken at 0x7beea660: 0
> Aborted. Press any key to exit.
>
> The error is caused by sig file desciptor been closed twice, first time
> in grub_verify_signature() to which it is passed as parameter. Second in
> grub_cmd_verify_signature() or in whichever opens the sig file
> decriptor. The second close is not consider as bug to me either, as in
> common rule of what opens a file has to close it to avoid file
> descriptor leakage.
>
> Afterall the design of grub_verify_signature() makes it diffcult to keep
> a good trace on opened file descriptor from it's caller. Let's refine
> the application interface to accept file path rather than descriptor, in
> this way the caller doesn't have to care about closing the descriptor by
> delegating it to grub_verify_signature() with full tracing to opened
> file descriptor by itself.
>
> Signed-off-by: Michael Chang <mch...@suse.com>
> ---
>  grub-core/commands/pgp.c | 33 ++++++++++++++++-----------------
>  include/grub/pubkey.h    |  2 +-
>  2 files changed, 17 insertions(+), 18 deletions(-)
>
> diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
> index d5d7c0f0a..f294057b5 100644
> --- a/grub-core/commands/pgp.c
> +++ b/grub-core/commands/pgp.c
> @@ -495,13 +495,12 @@ grub_verify_signature_init (struct grub_pubkey_context 
> *ctxt, grub_file_t sig)
>
>    grub_dprintf ("crypt", "alive\n");
>
> -  ctxt->sig = sig;
> -
>    ctxt->hash_context = grub_zalloc (ctxt->hash->contextsize);
>    if (!ctxt->hash_context)
>      return grub_errno;
>
>    ctxt->hash->init (ctxt->hash_context);
> +  ctxt->sig = sig;

This change does not seem to belong to this patch. Otherwise it LGTM.
You can split this patch into two patches or add a blurb about this change
into commit message or drop it at all. I would choose first option.

Daniel

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to