pesign/0020-Allocate-pesign_context-rather-than-having-it-on-the.patch
Peter Jones 18bcd8bfc2 Fix some more bugs found by valgrind and coverity.
- Don't build utils/ ; we're not using them and they're not ready anyway.
2012-10-18 11:38:53 -04:00

361 lines
11 KiB
Diff

From 66d3353e6d24c9e69ce71735c5aa4741717a6d68 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:31:15 -0400
Subject: [PATCH 20/30] Allocate pesign_context rather than having it on the
stack.
This way it won't try to re-initialize cms_context when it's cleaned up.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/pesign.c | 152 ++++++++++++++++++++++++++++++-----------------------------
1 file changed, 77 insertions(+), 75 deletions(-)
diff --git a/src/pesign.c b/src/pesign.c
index 2ba5ef1..e22e814 100644
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -426,7 +426,7 @@ main(int argc, char *argv[])
{
int rc;
- pesign_context ctx, *ctxp = &ctx;
+ pesign_context *ctxp;
int list = 0;
int remove = 0;
@@ -437,40 +437,47 @@ main(int argc, char *argv[])
char *tokenname = "NSS Certificate DB";
char *certname = NULL;
+ rc = pesign_context_new(&ctxp);
+ if (rc < 0) {
+ fprintf(stderr, "Could not initialize context: %m\n");
+ exit(1);
+ }
+
poptContext optCon;
struct poptOption options[] = {
{NULL, '\0', POPT_ARG_INTL_DOMAIN, "pesign" },
- {"in", 'i', POPT_ARG_STRING, &ctx.infile, 0,
+ {"in", 'i', POPT_ARG_STRING, &ctxp->infile, 0,
"specify input file", "<infile>"},
- {"out", 'o', POPT_ARG_STRING, &ctx.outfile, 0,
+ {"out", 'o', POPT_ARG_STRING, &ctxp->outfile, 0,
"specify output file", "<outfile>" },
{"certficate", 'c', POPT_ARG_STRING, &certname, 0,
"specify certificate nickname",
"<certificate nickname>" },
- {"privkey", 'p', POPT_ARG_STRING, &ctx.privkeyfile, 0,
+ {"privkey", 'p', POPT_ARG_STRING, &ctxp->privkeyfile, 0,
"specify private key file", "<privkey>" },
- {"force", 'f', POPT_ARG_VAL, &ctx.force, 1,
+ {"force", 'f', POPT_ARG_VAL, &ctxp->force, 1,
"force overwriting of output file", NULL },
- {"sign", 's', POPT_ARG_VAL, &ctx.sign, 1,
+ {"sign", 's', POPT_ARG_VAL, &ctxp->sign, 1,
"create a new signature", NULL },
- {"hash", 'h', POPT_ARG_VAL, &ctx.hash, 1, "hash binary", NULL },
+ {"hash", 'h', POPT_ARG_VAL, &ctxp->hash, 1, "hash binary", NULL },
{"digest_type", 'd', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
&digest_name, 0, "digest type to use for pe hash" },
{"import-signed-certificate", 'm',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
- &ctx.insig, 0,"import signature from file", "<insig>" },
+ &ctxp->insig, 0,"import signature from file", "<insig>" },
{"export-signed-attributes", 'E',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
- &ctx.outsattrs, 0, "export signed attributes to file",
+ &ctxp->outsattrs, 0, "export signed attributes to file",
"<signed_attributes_file>" },
{"import-signed-attributes", 'I',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
- &ctx.insattrs, 0, "import signed attributes from file",
+ &ctxp->insattrs, 0,
+ "import signed attributes from file",
"<signed_attributes_file>" },
{"import-raw-signature", 'R',
- POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, &ctx.rawsig,
+ POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, &ctxp->rawsig,
0, "import raw signature from file", "<inraw>" },
- {"signature-number", 'u', POPT_ARG_INT, &ctx.signum, -1,
+ {"signature-number", 'u', POPT_ARG_INT, &ctxp->signum, -1,
"specify which signature to operate on","<sig-number>"},
{"list-signatures", 'l',
POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN,
@@ -483,13 +490,14 @@ main(int argc, char *argv[])
"remove signature" },
{"export-signature", 'e',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
- &ctx.outsig, 0,"export signature to file", "<outsig>" },
+ &ctxp->outsig, 0,
+ "export signature to file", "<outsig>" },
{"export-pubkey", 'K', POPT_ARG_STRING,
- &ctx.outkey, 0, "export pubkey to file", "<outkey>" },
+ &ctxp->outkey, 0, "export pubkey to file", "<outkey>" },
{"export-cert", 'C', POPT_ARG_STRING,
- &ctx.outcert, 0, "export signing cert to file",
+ &ctxp->outcert, 0, "export signing cert to file",
"<outcert>" },
- {"ascii-armor", 'a', POPT_ARG_VAL, &ctx.ascii, 1,
+ {"ascii-armor", 'a', POPT_ARG_VAL, &ctxp->ascii, 1,
"use ascii armoring", NULL },
{"daemonize", 'D', POPT_ARG_VAL, &daemon, 1,
"run as a daemon process", NULL },
@@ -509,12 +517,6 @@ main(int argc, char *argv[])
}
}
- rc = pesign_context_init(ctxp);
- if (rc < 0) {
- fprintf(stderr, "Could not initialize context: %m\n");
- exit(1);
- }
-
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
rc = poptReadDefaultConfig(optCon, 0);
@@ -571,25 +573,25 @@ main(int argc, char *argv[])
if (daemon)
action |= DAEMONIZE;
- if (ctx.rawsig)
+ if (ctxp->rawsig)
action |= IMPORT_RAW_SIGNATURE;
- if (ctx.insattrs)
+ if (ctxp->insattrs)
action |= IMPORT_SATTRS;
- if (ctx.outsattrs)
+ if (ctxp->outsattrs)
action |= EXPORT_SATTRS;
-
- if (ctx.insig)
+
+ if (ctxp->insig)
action |= IMPORT_SIGNATURE;
- if (ctx.outkey)
+ if (ctxp->outkey)
action |= EXPORT_PUBKEY;
- if (ctx.outcert)
+ if (ctxp->outcert)
action |= EXPORT_CERT;
- if (ctx.outsig)
+ if (ctxp->outsig)
action |= EXPORT_SIGNATURE;
if (remove != 0)
@@ -598,13 +600,13 @@ main(int argc, char *argv[])
if (list != 0)
action |= LIST_SIGNATURES;
- if (ctx.sign) {
+ if (ctxp->sign) {
action |= GENERATE_SIGNATURE;
if (!(action & EXPORT_SIGNATURE))
action |= IMPORT_SIGNATURE;
}
- if (ctx.hash)
+ if (ctxp->hash)
action |= GENERATE_DIGEST|PRINT_DIGEST;
ssize_t sigspace = 0;
@@ -620,11 +622,11 @@ main(int argc, char *argv[])
*/
case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS:
check_inputs(ctxp);
- rc = find_certificate(ctx.cms_ctx);
+ rc = find_certificate(ctxp->cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
- ctx.cms_ctx->certname);
+ ctxp->cms_ctx->certname);
exit(1);
}
open_rawsig_input(ctxp);
@@ -636,19 +638,19 @@ main(int argc, char *argv[])
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
- generate_digest(ctx.cms_ctx, ctx.outpe);
- sigspace = calculate_signature_space(ctx.cms_ctx,
- ctx.outpe);
- allocate_signature_space(ctx.outpe, sigspace);
- generate_signature(ctx.cms_ctx);
- insert_signature(ctx.cms_ctx, ctx.signum);
- finalize_signatures(ctx.cms_ctx, ctx.outpe);
+ generate_digest(ctxp->cms_ctx, ctxp->outpe);
+ sigspace = calculate_signature_space(ctxp->cms_ctx,
+ ctxp->outpe);
+ allocate_signature_space(ctxp->outpe, sigspace);
+ generate_signature(ctxp->cms_ctx);
+ insert_signature(ctxp->cms_ctx, ctxp->signum);
+ finalize_signatures(ctxp->cms_ctx, ctxp->outpe);
close_output(ctxp);
break;
case EXPORT_SATTRS:
open_input(ctxp);
open_sattr_output(ctxp);
- generate_digest(ctx.cms_ctx, ctx.inpe);
+ generate_digest(ctxp->cms_ctx, ctxp->inpe);
generate_sattr_blob(ctxp);
close_sattr_output(ctxp);
close_input(ctxp);
@@ -666,22 +668,22 @@ main(int argc, char *argv[])
close_output(ctxp);
break;
case EXPORT_PUBKEY:
- rc = find_certificate(ctx.cms_ctx);
+ rc = find_certificate(ctxp->cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
- ctx.cms_ctx->certname);
+ ctxp->cms_ctx->certname);
exit(1);
}
open_pubkey_output(ctxp);
export_pubkey(ctxp);
break;
case EXPORT_CERT:
- rc = find_certificate(ctx.cms_ctx);
+ rc = find_certificate(ctxp->cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
- ctx.cms_ctx->certname);
+ ctxp->cms_ctx->certname);
exit(1);
}
open_cert_output(ctxp);
@@ -691,21 +693,21 @@ main(int argc, char *argv[])
case EXPORT_SIGNATURE:
open_input(ctxp);
open_sig_output(ctxp);
- if (ctx.signum > ctx.cms_ctx->num_signatures) {
+ if (ctxp->signum > ctxp->cms_ctx->num_signatures) {
fprintf(stderr, "Invalid signature number.\n");
exit(1);
}
- if (ctx.signum < 0)
- ctx.signum = 0;
- if (ctx.signum >= ctx.cms_ctx->num_signatures) {
+ if (ctxp->signum < 0)
+ ctxp->signum = 0;
+ if (ctxp->signum >= ctxp->cms_ctx->num_signatures) {
fprintf(stderr, "No valid signature #%d.\n",
- ctx.signum);
+ ctxp->signum);
exit(1);
}
- memcpy(&ctx.cms_ctx->newsig,
- ctx.cms_ctx->signatures[ctx.signum],
- sizeof (ctx.cms_ctx->newsig));
- export_signature(ctx.cms_ctx, ctx.outsigfd, ctx.ascii);
+ memcpy(&ctxp->cms_ctx->newsig,
+ ctxp->cms_ctx->signatures[ctxp->signum],
+ sizeof (ctxp->cms_ctx->newsig));
+ export_signature(ctxp->cms_ctx, ctxp->outsigfd, ctxp->ascii);
close_input(ctxp);
close_sig_output(ctxp);
break;
@@ -715,11 +717,11 @@ main(int argc, char *argv[])
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
- if (ctx.signum > ctx.cms_ctx->num_signatures) {
+ if (ctxp->signum > ctxp->cms_ctx->num_signatures) {
fprintf(stderr, "Invalid signature number.\n");
exit(1);
}
- remove_signature(&ctx);
+ remove_signature(ctxp);
close_output(ctxp);
break;
/* list signatures in the binary */
@@ -729,49 +731,49 @@ main(int argc, char *argv[])
break;
case GENERATE_DIGEST|PRINT_DIGEST:
open_input(ctxp);
- generate_digest(ctx.cms_ctx, ctx.inpe);
+ generate_digest(ctxp->cms_ctx, ctxp->inpe);
print_digest(ctxp);
break;
/* generate a signature and save it in a separate file */
case EXPORT_SIGNATURE|GENERATE_SIGNATURE:
- rc = find_certificate(ctx.cms_ctx);
+ rc = find_certificate(ctxp->cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
- ctx.cms_ctx->certname);
+ ctxp->cms_ctx->certname);
exit(1);
}
open_input(ctxp);
open_sig_output(ctxp);
- generate_digest(ctx.cms_ctx, ctx.inpe);
- generate_signature(ctx.cms_ctx);
- export_signature(ctx.cms_ctx, ctx.outsigfd, ctx.ascii);
+ generate_digest(ctxp->cms_ctx, ctxp->inpe);
+ generate_signature(ctxp->cms_ctx);
+ export_signature(ctxp->cms_ctx, ctxp->outsigfd, ctxp->ascii);
break;
/* generate a signature and embed it in the binary */
case IMPORT_SIGNATURE|GENERATE_SIGNATURE:
check_inputs(ctxp);
- rc = find_certificate(ctx.cms_ctx);
+ rc = find_certificate(ctxp->cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
- ctx.cms_ctx->certname);
+ ctxp->cms_ctx->certname);
exit(1);
}
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
- generate_digest(ctx.cms_ctx, ctx.outpe);
- sigspace = calculate_signature_space(ctx.cms_ctx,
- ctx.outpe);
- allocate_signature_space(ctx.outpe, sigspace);
- generate_digest(ctx.cms_ctx, ctx.outpe);
- generate_signature(ctx.cms_ctx);
- insert_signature(ctx.cms_ctx, ctx.signum);
- finalize_signatures(ctx.cms_ctx, ctx.outpe);
+ generate_digest(ctxp->cms_ctx, ctxp->outpe);
+ sigspace = calculate_signature_space(ctxp->cms_ctx,
+ ctxp->outpe);
+ allocate_signature_space(ctxp->outpe, sigspace);
+ generate_digest(ctxp->cms_ctx, ctxp->outpe);
+ generate_signature(ctxp->cms_ctx);
+ insert_signature(ctxp->cms_ctx, ctxp->signum);
+ finalize_signatures(ctxp->cms_ctx, ctxp->outpe);
close_output(ctxp);
break;
case DAEMONIZE:
- rc = daemonize(ctx.cms_ctx, fork);
+ rc = daemonize(ctxp->cms_ctx, fork);
break;
default:
fprintf(stderr, "Incompatible flags (0x%08x): ", action);
@@ -782,7 +784,7 @@ main(int argc, char *argv[])
fprintf(stderr, "\n");
exit(1);
}
- pesign_context_fini(&ctx);
+ pesign_context_free(ctxp);
NSS_Shutdown();
return (rc < 0);
--
1.7.12.1