grub/grub-core
Michael Chang e8b37e2c8d verifiers: fix double close on pgp's sig file descriptor
An error emerged as when I was testing the verifiers branch, so instead
of putting it in pgp prefix, the verifiers is used to reflect what the
patch is based on.

While running verify_detached, grub aborts with error.

verify_detached /@/.snapshots/1/snapshot/boot/grub/grub.cfg
/@/.snapshots/1/snapshot/boot/grub/grub.cfg.sig

alloc magic is broken at 0x7beea660: 0
Aborted. Press any key to exit.

The error is caused by sig file descriptor been closed twice, first time
in grub_verify_signature() to which it is passed as parameter. Second in
grub_cmd_verify_signature() or in whichever opens the sig file
descriptor. The second close is not consider as bug to me either, as in
common rule of what opens a file has to close it to avoid file
descriptor leakage.

After all the design of grub_verify_signature() makes it difficult to keep
a good trace on opened file descriptor from it's caller. Let's refine
the application interface to accept file path rather than descriptor, in
this way the caller doesn't have to care about closing the descriptor by
delegating it to grub_verify_signature() with full tracing to opened
file descriptor by itself.

Also making it clear that sig descriptor is not referenced in error
returning path of grub_verify_signature_init(), so it can be closed
directly by it's caller. This also makes delegating it to
grub_pubkey_close() infeasible to help in relieving file descriptor
leakage as it has to depend on uncertainty of ctxt fields in error
returning path.

Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-11-21 14:46:53 +01:00
..
boot diskboot: Trivial correction on stale comments 2018-04-23 13:04:58 +02:00
bus ehci: Fix compilation on i386 2017-07-09 21:31:19 +02:00
commands verifiers: fix double close on pgp's sig file descriptor 2018-11-21 14:46:53 +01:00
disk verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
efiemu verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
font verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
fs verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
gdb i386, x86_64, ppc: fix switch fallthrough cases with GCC7 2017-04-04 19:23:55 +03:00
gettext verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
gfxmenu verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
gnulib i386, x86_64, ppc: fix switch fallthrough cases with GCC7 2017-04-04 19:23:55 +03:00
hello * grub-core/commands/gptsync.c: Fix typographic quoting. 2012-03-03 13:05:08 +01:00
hook * grub-core/hook/datehook.c (grub_read_hook_datetime): Small stylistic 2011-11-11 21:03:49 +01:00
io verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
kern verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
lib verifiers: Add possibility to verify kernel and modules command lines 2018-11-09 13:25:31 +01:00
loader arm64/xen: Fix too few arguments to function grub_create_loader_cmdline() 2018-11-21 14:44:50 +01:00
mmap Translate UEFI persistent memory type 2015-12-15 10:25:34 +03:00
net ofnet: Initialize structs in bootpath parser 2018-09-13 11:03:05 +02:00
normal verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
osdep generic/blocklist: Fix implicit declaration of function grub_file_filter_disable_compression() 2018-11-21 14:45:33 +01:00
partmap msdos: Fix overflow in converting partition start and length into 512B blocks 2018-09-27 14:56:45 +02:00
parttool * grub-core/net/http.c: Add TRANSLATORS comments. 2012-03-05 16:42:26 +01:00
script yylex: Explicilty cast fprintf to void. 2017-08-14 14:11:43 +02:00
term efi/console: Fix the "enter" key not working on x86 tablets 2018-07-11 11:53:28 +02:00
tests Regenerate checksum.h with newer unifont. 2017-08-30 17:12:04 +02:00
video verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
gdb_grub.in * grub-core/gdb_grub.in: Fix overflow and wrong field. 2013-10-14 03:40:20 +02:00
genemuinit.sh use MODULE_FILES for genemuinit* instead of MOD_FILES 2014-01-18 23:15:40 +04:00
genemuinitheader.sh use MODULE_FILES for genemuinit* instead of MOD_FILES 2014-01-18 23:15:40 +04:00
genmod.sh.in .mod files: Strip annobin annotations and .eh_frame, and their relocations 2018-03-05 14:08:22 +01:00
genmoddep.awk enforcing fixup 2017-08-14 16:27:10 +02:00
gensyminfo.sh.in Fix shebang for termux. 2017-05-03 12:49:31 +02:00
gensymlist.sh Make 'make check' work on emu. 2013-04-27 02:00:16 +02:00
gentrigtables.c * grub-core/gentrigtables.c: Make tables const. 2013-03-01 11:15:09 +01:00
gmodule.pl.in * grub-core/gmodule.pl.in: Accept newer binutils which output 2014-09-21 18:23:23 +02:00
gnulib-fix-gcc7-fallthrough.diff Add gnulib-fix-gcc7-fallthrough.diff 2017-04-04 19:37:47 +03:00
gnulib-fix-null-deref.diff Import new gnulib. 2013-04-11 21:12:46 +02:00
gnulib-fix-width.diff Import new gnulib. 2013-04-11 21:12:46 +02:00
gnulib-no-abort.diff Import new gnulib. 2013-04-11 21:12:46 +02:00
gnulib-no-gets.diff Import new gnulib. 2013-04-11 21:12:46 +02:00
Makefile.am arm: Delete unused efi support from loader/arm 2018-07-25 14:18:11 +02:00
Makefile.core.def efi: Add EFI shim lock verifier 2018-11-09 13:25:31 +01:00
modinfo.sh.in Fix shebang for termux. 2017-05-03 12:49:31 +02:00