diff options
| author | Yauheni Kaliuta <yauheni.kaliuta@redhat.com> | 2018-11-16 10:56:34 +0200 |
|---|---|---|
| committer | Lucas De Marchi <lucas.demarchi@intel.com> | 2018-11-16 00:59:44 -0800 |
| commit | a11057201ed326a9e65e757202da960735e45799 (patch) | |
| tree | 7f1007177ef8977b4bb0a75a6af9b59dc8f63390 | |
| parent | 068729e3688cbe7eb5a51821f14a668cca314ddf (diff) | |
| download | kmod-a11057201ed326a9e65e757202da960735e45799.tar.gz kmod-a11057201ed326a9e65e757202da960735e45799.zip | |
signature: do not report wrong data for pkc#7 signature
when PKC#7 signing method is used the old structure doesn't contain
any useful data, but the data are encoded in the certificate.
The info getting/showing code is not aware of that at the moment and
since 0 is a valid constant, shows, for example, wrong "md4" for the
hash algo.
The patch splits the 2 mothods of gethering the info and reports
"unknown" for the algo.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
| -rw-r--r-- | libkmod/libkmod-module.c | 2 | ||||
| -rw-r--r-- | libkmod/libkmod-signature.c | 56 |
2 files changed, 39 insertions, 19 deletions
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c index ee420f4..889f264 100644 --- a/libkmod/libkmod-module.c +++ b/libkmod/libkmod-module.c @@ -2273,7 +2273,7 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_ struct kmod_elf *elf; char **strings; int i, count, ret = -ENOMEM; - struct kmod_signature_info sig_info; + struct kmod_signature_info sig_info = {}; if (mod == NULL || list == NULL) return -ENOENT; diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c index 1f3e26d..429ffbd 100644 --- a/libkmod/libkmod-signature.c +++ b/libkmod/libkmod-signature.c @@ -92,6 +92,38 @@ struct module_signature { uint32_t sig_len; /* Length of signature data (big endian) */ }; +static bool fill_default(const char *mem, off_t size, + const struct module_signature *modsig, size_t sig_len, + struct kmod_signature_info *sig_info) +{ + size -= sig_len; + sig_info->sig = mem + size; + sig_info->sig_len = sig_len; + + size -= modsig->key_id_len; + sig_info->key_id = mem + size; + sig_info->key_id_len = modsig->key_id_len; + + size -= modsig->signer_len; + sig_info->signer = mem + size; + sig_info->signer_len = modsig->signer_len; + + sig_info->algo = pkey_algo[modsig->algo]; + sig_info->hash_algo = pkey_hash_algo[modsig->hash]; + sig_info->id_type = pkey_id_type[modsig->id_type]; + + return true; +} + +static bool fill_unknown(const char *mem, off_t size, + const struct module_signature *modsig, size_t sig_len, + struct kmod_signature_info *sig_info) +{ + sig_info->hash_algo = "unknown"; + sig_info->id_type = pkey_id_type[modsig->id_type]; + return true; +} + #define SIG_MAGIC "~Module signature appended~\n" /* @@ -112,7 +144,6 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat const struct module_signature *modsig; size_t sig_len; - size = kmod_file_get_size(file); mem = kmod_file_get_contents(file); if (size < (off_t)strlen(SIG_MAGIC)) @@ -134,21 +165,10 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len)) return false; - size -= sig_len; - sig_info->sig = mem + size; - sig_info->sig_len = sig_len; - - size -= modsig->key_id_len; - sig_info->key_id = mem + size; - sig_info->key_id_len = modsig->key_id_len; - - size -= modsig->signer_len; - sig_info->signer = mem + size; - sig_info->signer_len = modsig->signer_len; - - sig_info->algo = pkey_algo[modsig->algo]; - sig_info->hash_algo = pkey_hash_algo[modsig->hash]; - sig_info->id_type = pkey_id_type[modsig->id_type]; - - return true; + switch (modsig->id_type) { + case PKEY_ID_PKCS7: + return fill_unknown(mem, size, modsig, sig_len, sig_info); + default: + return fill_default(mem, size, modsig, sig_len, sig_info); + } } |