[OpenWrt-Devel] [PATCH ucert 05/13] usign-exec: fix exec error handling

Matthias Schiffer Sat, 16 May 2020 14:16:24 -0700

When execvp fails in the forked process, we must exit. Also add an error
message.


Signed-off-by: Matthias Schiffer <mschif...@universe-factory.net>
---
 ucert.c      |  4 ++--
 usign-exec.c | 40 ++++++++++++++++++++--------------------
 usign.h      |  8 +++++---
 3 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/ucert.c b/ucert.c
index 89bf0c64d4b5..208d5f67e10d 100644
--- a/ucert.c
+++ b/ucert.c
@@ -349,7 +349,7 @@ static int chain_verify(const char *msgfile, const char 
*pubkeyfile,
                                   
blobmsg_data_len(payloadtb[CERT_PL_ATTR_PUBKEY]),
                                   false);
 
-                       if (usign_f_pubkey(chainedfp, chainedpubkey)) {
+                       if (usign_f_pubkey(chainedfp, chainedpubkey, quiet)) {
                                DPRINTF("cannot get fingerprint for chained 
key\n");
                                ret = 2;
                                goto clean_and_return;
@@ -460,7 +460,7 @@ static int cert_issue(const char *certfile, const char 
*pubkeyfile, const char *
 
        pkb[pklen] = '\0';
 
-       if (usign_f_pubkey(pkfp, pubkeyfile))
+       if (usign_f_pubkey(pkfp, pubkeyfile, quiet))
                return -1;
 
        gettimeofday(&tv, NULL);
diff --git a/usign-exec.c b/usign-exec.c
index 4ff2e63c5be1..22fdc14e7ebb 100644
--- a/usign-exec.c
+++ b/usign-exec.c
@@ -72,10 +72,10 @@ int usign_s(const char *msgfile, const char *seckeyfile, 
const char *sigfile, bo
                return -1;
 
        case 0:
-               if (execvp(usign_argv[0], (char *const *)usign_argv))
-                       return -1;
-
-               break;
+               execvp(usign_argv[0], (char *const *)usign_argv);
+               if (!quiet)
+                       perror("Failed to execute usign");
+               _exit(1);
 
        default:
                waitpid(pid, &status, 0);
@@ -94,7 +94,7 @@ int usign_s(const char *msgfile, const char *seckeyfile, 
const char *sigfile, bo
  * call usign -F ... and set fingerprint returned
  * return WEXITSTATUS or -1 if fork or execv fails
  */
-static int usign_f(char *fingerprint, const char *pubkeyfile, const char 
*seckeyfile, const char *sigfile) {
+static int usign_f(char *fingerprint, const char *pubkeyfile, const char 
*seckeyfile, const char *sigfile, bool quiet) {
        int fds[2];
        pid_t pid;
        int status;
@@ -135,10 +135,10 @@ static int usign_f(char *fingerprint, const char 
*pubkeyfile, const char *seckey
                close(fds[0]);
                close(fds[1]);
 
-               if (execvp(usign_argv[0], (char *const *)usign_argv))
-                       return -1;
-
-               break;
+               execvp(usign_argv[0], (char *const *)usign_argv);
+               if (!quiet)
+                       perror("Failed to execute usign");
+               _exit(1);
 
        default:
                waitpid(pid, &status, 0);
@@ -164,22 +164,22 @@ static int usign_f(char *fingerprint, const char 
*pubkeyfile, const char *seckey
 /*
  * call usign -F -p ...
  */
-int usign_f_pubkey(char *fingerprint, const char *pubkeyfile) {
-       return usign_f(fingerprint, pubkeyfile, NULL, NULL);
+int usign_f_pubkey(char *fingerprint, const char *pubkeyfile, bool quiet) {
+       return usign_f(fingerprint, pubkeyfile, NULL, NULL, quiet);
 }
 
 /*
  * call usign -F -s ...
  */
-int usign_f_seckey(char *fingerprint, const char *seckeyfile) {
-       return usign_f(fingerprint, NULL, seckeyfile, NULL);
+int usign_f_seckey(char *fingerprint, const char *seckeyfile, bool quiet) {
+       return usign_f(fingerprint, NULL, seckeyfile, NULL, quiet);
 }
 
 /*
  * call usign -F -x ...
  */
-int usign_f_sig(char *fingerprint, const char *sigfile) {
-       return usign_f(fingerprint, NULL, NULL, sigfile);
+int usign_f_sig(char *fingerprint, const char *sigfile, bool quiet) {
+       return usign_f(fingerprint, NULL, NULL, sigfile, quiet);
 }
 
 
@@ -195,7 +195,7 @@ int usign_v(const char *msgfile, const char *pubkeyfile,
        unsigned int usign_argc = 0;
        char fingerprint[17];
 
-       if (usign_f_sig(fingerprint, sigfile)) {
+       if (usign_f_sig(fingerprint, sigfile, quiet)) {
                if (!quiet)
                        fprintf(stderr, "cannot get signing key fingerprint\n");
                return 1;
@@ -235,10 +235,10 @@ int usign_v(const char *msgfile, const char *pubkeyfile,
                return -1;
 
        case 0:
-               if (execvp(usign_argv[0], (char *const *)usign_argv))
-                       return -1;
-
-               break;
+               execvp(usign_argv[0], (char *const *)usign_argv);
+               if (!quiet)
+                       perror("Failed to execute usign");
+               _exit(1);
 
        default:
                waitpid(pid, &status, 0);
diff --git a/usign.h b/usign.h
index d57d09ec7b74..9c3207aa97ed 100644
--- a/usign.h
+++ b/usign.h
@@ -15,6 +15,8 @@
 #ifndef _USIGN_H
 #define _USIGN_H
 
+#include <stdbool.h>
+
 /**
  * Verify
  *
@@ -35,11 +37,11 @@ int usign_s(const char *msgfile, const char *seckeyfile, 
const char *sigfile, bo
  *
  * calls: usign -F ...
  */
-int usign_f_pubkey(char *fingerprint, const char *pubkeyfile);
+int usign_f_pubkey(char *fingerprint, const char *pubkeyfile, bool quiet);
 
-int usign_f_seckey(char *fingerprint, const char *seckeyfile);
+int usign_f_seckey(char *fingerprint, const char *seckeyfile, bool quiet);
 
-int usign_f_sig(char *fingerprint, const char *sigfile);
+int usign_f_sig(char *fingerprint, const char *sigfile, bool quiet);
 
 /**
  * custom extension to check for revokers
-- 
2.26.2


_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH ucert 05/13] usign-exec: fix exec error handling

Reply via email to