While looking for a build issue (see [1]), I noticed various issues in the ucert code (and this should not be applied before [1] is applied to usign). There might well be more problems lurking - I did not read all the code.
In particular patch 12/12 is critical: It must be applied before the attached libubox patch to avoid a new security issue. The libubox patch is necessary to make ucert verification work at all again; without it, cert_load() will always fail, and in consequence, all images will be found invalid when REQUIRE_IMAGE_SIGNATURE is enabled.

[1] https://patchwork.ozlabs.org/project/openwrt/patch/8ead1fd6a61117b54b4efd5111fe0d19e4eef9c5.1589642591.git.mschif...@universe-factory.net/

Matthias Schiffer (13):
  stdout/stderr improvements
  Fix return code of write_file()
  Introduce read_file() helper, improve error reporting
  usign-exec: simplify usign execv calls
  usign-exec: fix exec error handling
  usign-exec: do not close stdin and stderr before exec
  usign-exec: change usign_f_* fingerprint argument to char[17]
  usign-exec: remove redundant return statements
  usign-exec: close writing end of pipe early in parent process
  usign-exec: return code fixes
  usign-exec: improve usign -F output handling
  Fix length checks in cert_load()
  Do not print line number in debug messages

 tests/cram/test_ucert.t |   4 +-
 ucert.c                 | 147 +++++++++++++++++++++++-----------------
 usign-exec.c            | 115 +++++++++++++------------------
 usign.h                 |   8 ++-
 4 files changed, 138 insertions(+), 136 deletions(-)

--
2.26.2