2012-10-18 15:38:53 +00:00
|
|
|
From 186b6d5d39a1feeaa5f9493d28dc4f53015d551d Mon Sep 17 00:00:00 2001
|
|
|
|
From: Peter Jones <pjones@redhat.com>
|
|
|
|
Date: Wed, 17 Oct 2012 14:33:35 -0400
|
2012-10-19 14:24:10 +00:00
|
|
|
Subject: [PATCH 13/41] Don't set up digests in cms_context_init.
|
2012-10-18 15:38:53 +00:00
|
|
|
|
|
|
|
Move digest setup out of cms_context_init, so we can avoid leaking the
|
|
|
|
reference to the digests by not having them in ctx->backup_cms in the
|
|
|
|
daemon.
|
|
|
|
|
|
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
|
---
|
|
|
|
src/cms_common.c | 9 ++-------
|
|
|
|
src/cms_common.h | 3 +++
|
|
|
|
src/daemon.c | 27 +++++++++++++++++++++++++++
|
|
|
|
3 files changed, 32 insertions(+), 7 deletions(-)
|
|
|
|
|
|
|
|
diff --git a/src/cms_common.c b/src/cms_common.c
|
|
|
|
index 6219a2a..a8e34dd 100644
|
|
|
|
--- a/src/cms_common.c
|
|
|
|
+++ b/src/cms_common.c
|
|
|
|
@@ -97,7 +97,7 @@ digest_get_digest_size(cms_context *cms)
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
-static int
|
|
|
|
+int
|
|
|
|
setup_digests(cms_context *cms)
|
|
|
|
{
|
|
|
|
struct digest *digests = NULL;
|
|
|
|
@@ -133,7 +133,7 @@ err:
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
-static void
|
|
|
|
+void
|
|
|
|
teardown_digests(cms_context *ctx)
|
|
|
|
{
|
|
|
|
struct digest *digests = ctx->digests;
|
|
|
|
@@ -199,11 +199,6 @@ cms_context_init(cms_context *cms)
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
- int rc = setup_digests(cms);
|
|
|
|
- if (rc < 0) {
|
|
|
|
- PORT_FreeArena(cms->arena, PR_TRUE);
|
|
|
|
- return -1;
|
|
|
|
- }
|
|
|
|
cms->selected_digest = -1;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
diff --git a/src/cms_common.h b/src/cms_common.h
|
|
|
|
index fc80fa3..830427e 100644
|
|
|
|
--- a/src/cms_common.h
|
|
|
|
+++ b/src/cms_common.h
|
|
|
|
@@ -86,6 +86,9 @@ extern int cms_context_alloc(cms_context **ctxp);
|
|
|
|
extern int cms_context_init(cms_context *ctx);
|
|
|
|
extern void cms_context_fini(cms_context *ctx);
|
|
|
|
|
|
|
|
+extern int setup_digests(cms_context *cms);
|
|
|
|
+extern void teardown_digests(cms_context *ctx);
|
|
|
|
+
|
|
|
|
extern int generate_octet_string(cms_context *ctx, SECItem *encoded,
|
|
|
|
SECItem *original);
|
|
|
|
extern int generate_object_id(cms_context *ctx, SECItem *encoded,
|
|
|
|
diff --git a/src/daemon.c b/src/daemon.c
|
|
|
|
index a31c063..f44f069 100644
|
|
|
|
--- a/src/daemon.c
|
|
|
|
+++ b/src/daemon.c
|
|
|
|
@@ -143,6 +143,15 @@ handle_unlock_token(context *ctx, struct pollfd *pollfd, socklen_t size)
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
+ rc = setup_digests(ctx->cms);
|
|
|
|
+ if (rc < 0) {
|
|
|
|
+ ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
|
|
|
|
+ "Could not initialize digests: %s\n",
|
|
|
|
+ PORT_ErrorToString(PORT_GetError()));
|
|
|
|
+ send_response(ctx, ctx->backup_cms, pollfd, rc);
|
|
|
|
+ return;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
steal_from_cms(ctx->backup_cms, ctx->cms);
|
|
|
|
|
|
|
|
if (!buffer) {
|
|
|
|
@@ -491,6 +500,15 @@ handle_sign_attached(context *ctx, struct pollfd *pollfd, socklen_t size)
|
|
|
|
if (rc < 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
+ rc = setup_digests(ctx->cms);
|
|
|
|
+ if (rc < 0) {
|
|
|
|
+ ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
|
|
|
|
+ "Could not initialize digests: %s\n",
|
|
|
|
+ PORT_ErrorToString(PORT_GetError()));
|
|
|
|
+ send_response(ctx, ctx->backup_cms, pollfd, rc);
|
|
|
|
+ return;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
steal_from_cms(ctx->backup_cms, ctx->cms);
|
|
|
|
|
|
|
|
handle_signing(ctx, pollfd, size, 1);
|
|
|
|
@@ -506,6 +524,15 @@ handle_sign_detached(context *ctx, struct pollfd *pollfd, socklen_t size)
|
|
|
|
if (rc < 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
+ rc = setup_digests(ctx->cms);
|
|
|
|
+ if (rc < 0) {
|
|
|
|
+ ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
|
|
|
|
+ "Could not initialize digests: %s\n",
|
|
|
|
+ PORT_ErrorToString(PORT_GetError()));
|
|
|
|
+ send_response(ctx, ctx->backup_cms, pollfd, rc);
|
|
|
|
+ return;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
steal_from_cms(ctx->backup_cms, ctx->cms);
|
|
|
|
|
|
|
|
handle_signing(ctx, pollfd, size, 0);
|
|
|
|
--
|
|
|
|
1.7.12.1
|
|
|
|
|