On Tue, Nov 20, 2018 at 07:15:37PM +0800, Michael Chang wrote:
> An error emerged as when I was testing the verifiers branch, so instead
> of putting it in pgp prefix, the verifiers is used to reflect what the
> patch is based on.
>
> While running verify_detached, grub aborts with error.
>
> verify_detached /@/.snapshots/1/snapshot/boot/grub/grub.cfg
> /@/.snapshots/1/snapshot/boot/grub/grub.cfg.sig
>
> alloc magic is broken at 0x7beea660: 0
> Aborted. Press any key to exit.
>
> The error is caused by sig file descriptor being closed twice, first time
> in grub_verify_signature() to which it is passed as parameter. Second in
> grub_cmd_verify_signature() or in whichever opens the sig file
> descriptor. The second close is not considered as bug to me either, as in
> common rule of what opens a file has to close it to avoid file
> descriptor leakage.
>
> After all the design of grub_verify_signature() makes it difficult to keep
> a good trace on opened file descriptor from its caller. Let's refine
> the application interface to accept file path rather than descriptor, in
> this way the caller doesn't have to care about closing the descriptor by
> delegating it to grub_verify_signature() with full tracing to opened
> file descriptor by itself.
>
> Also making it clear that sig descriptor is not referenced in error
> returning path of grub_verify_signature_init(), so it can be closed
> directly by its caller. This also makes delegating it to
> grub_pubkey_close() infeasible to help in relieving file descriptor
> leakage as it has to depend on uncertainty of ctxt fields in error
> returning path.
>
> Signed-off-by: Michael Chang <mch...@suse.com>

Pushed! Thanks a lot!

Daniel
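
The ownership problem described in the commit message above, as an added C sketch that is not part of the original thread and is not GRUB code. `toy_file`, `verify_by_handle` and `verify_by_path` are hypothetical names, and the handle is a static object so the repeated close can be counted instead of corrupting the heap.

```c
#include <stdio.h>
/* Hypothetical stand-in for a file handle; not GRUB's real type. */
struct toy_file { int is_open; };
static struct toy_file sig_slot;  /* static slot: a repeated close is safe to observe */
static int bad_closes;            /* closes issued on an already-closed handle */

static struct toy_file *toy_open(const char *path) {
    (void)path;                   /* constructed example: no real I/O */
    sig_slot.is_open = 1;
    return &sig_slot;
}
static void toy_close(struct toy_file *f) {
    if (!f->is_open)
        bad_closes++;             /* with a heap-backed handle this is a double free */
    f->is_open = 0;
}

/* Handle-taking interface: the callee closes a handle it did not open. */
static int verify_by_handle(struct toy_file *sig) {
    int rc = sig->is_open ? 0 : -1;   /* placeholder for the signature check */
    toy_close(sig);
    return rc;
}

/* Path-taking interface: the callee opens and closes the handle itself. */
static int verify_by_path(const char *sig_path) {
    struct toy_file *sig = toy_open(sig_path);
    int rc = sig->is_open ? 0 : -1;   /* placeholder for the signature check */
    toy_close(sig);
    return rc;
}

/* Caller applying "whoever opens it closes it" to the handle interface. */
int caller_with_handle(void) {
    struct toy_file *sig = toy_open("grub.cfg.sig");
    bad_closes = 0;
    verify_by_handle(sig);
    toy_close(sig);               /* second close of the same handle */
    return bad_closes;
}

/* The same caller with the path interface never holds the handle. */
int caller_with_path(void) {
    bad_closes = 0;
    verify_by_path("grub.cfg.sig");
    return bad_closes;
}

int main(void) {
    printf("handle: %d bad close(s), path: %d bad close(s)\n",
           caller_with_handle(), caller_with_path());
    return 0;
}
```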