vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
grub/grub-core/commands
History
Michael Chang e8b37e2c8d verifiers: fix double close on pgp's sig file descriptor 
An error emerged as when I was testing the verifiers branch, so instead
of putting it in pgp prefix, the verifiers is used to reflect what the
patch is based on.

While running verify_detached, grub aborts with error.

verify_detached /@/.snapshots/1/snapshot/boot/grub/grub.cfg
/@/.snapshots/1/snapshot/boot/grub/grub.cfg.sig

alloc magic is broken at 0x7beea660: 0
Aborted. Press any key to exit.

The error is caused by sig file descriptor been closed twice, first time
in grub_verify_signature() to which it is passed as parameter. Second in
grub_cmd_verify_signature() or in whichever opens the sig file
descriptor. The second close is not consider as bug to me either, as in
common rule of what opens a file has to close it to avoid file
descriptor leakage.

After all the design of grub_verify_signature() makes it difficult to keep
a good trace on opened file descriptor from it's caller. Let's refine
the application interface to accept file path rather than descriptor, in
this way the caller doesn't have to care about closing the descriptor by
delegating it to grub_verify_signature() with full tracing to opened
file descriptor by itself.

Also making it clear that sig descriptor is not referenced in error
returning path of grub_verify_signature_init(), so it can be closed
directly by it's caller. This also makes delegating it to
grub_pubkey_close() infeasible to help in relieving file descriptor
leakage as it has to depend on uncertainty of ctxt fields in error
returning path.

Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-11-21 14:46:53 +01:00
..
arc Remove nested functions from device iterators. 2013-01-20 15:52:15 +00:00
efi efi: Add EFI shim lock verifier 2018-11-09 13:25:31 +01:00
i386 verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
ieee1275 * grub-core/commands/gptsync.c: Fix typographic quoting. 2012-03-03 13:05:08 +01:00
mips/loongson * grub-core/commands/i386/pc/drivemap.c: Add TRANSLATORS comments. 2012-03-02 15:09:10 +01:00
xen Correct some translatable strings. 2013-12-21 03:03:31 +01:00
acpi.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
acpihalt.c acpihalt: add GRUB_ACPI_OPCODE_CREATE_DWORD_FIELD (0x8a) 2016-01-02 21:33:18 +03:00
blocklist.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
boot.c Add new ports: i386-xen and x86_64-xen. This allows running GRUB in 2013-11-09 21:29:11 +01:00
boottime.c Clarify several translatable messages. 2013-12-21 03:21:45 +01:00
cacheinfo.c cacheinfo: Add missing license information. 2015-03-20 11:13:58 +01:00
cat.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
cmp.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
configfile.c * grub-core/commands/configfile.c (GRUB_MOD_INIT): Correct 2012-10-12 15:34:33 +01:00
date.c * grub-core/commands/date.c (GRUB_MOD_INIT): Remove non-uniform 2012-03-03 13:09:14 +01:00
echo.c Implement automatic module license checking according to new GNU 2011-04-11 23:01:51 +02:00
eval.c * grub-core/script/execute.c (grub_script_execute_sourcecode): Split 2013-06-07 18:40:37 +02:00
extcmd.c Implement automatic module license checking according to new GNU 2011-04-11 23:01:51 +02:00
file.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
file32.c Implement grub_file tool and use it to implement generating of config 2013-12-17 14:39:48 +01:00
file64.c Implement grub_file tool and use it to implement generating of config 2013-12-17 14:39:48 +01:00
fileXX.c commands/fileXX: Fix remaining memory leak. 2015-01-25 16:36:30 +03:00
gptsync.c gptsync: Add missing device_close. 2015-01-24 20:52:02 +01:00
halt.c Add noreturn attributes and remove unreachable code. 2011-12-13 15:13:51 +01:00
hashsum.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
hdparm.c i386, x86_64, ppc: fix switch fallthrough cases with GCC7 2017-04-04 19:23:55 +03:00
help.c * include/grub/list.h (FOR_LIST_ELEMENTS_SAFE): New macro. 2012-07-02 11:19:22 +02:00
hexdump.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
iorw.c Replace grub_target_addr with more appropriate types. 2012-02-27 14:13:24 +01:00
keylayouts.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
keystatus.c Fix USB devices not being detected when requested 2013-03-19 20:35:21 +01:00
legacycfg.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
loadenv.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
ls.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
lsacpi.c * grub-core/commands/lsacpi.c: Fix types on 64-bit platform. 2013-02-06 17:37:29 +01:00
lsmmap.c Translate UEFI persistent memory type 2015-12-15 10:25:34 +03:00
lspci.c Remove nested functions from PCI iterators. 2013-01-13 01:10:41 +00:00
macbless.c commands/macbless: Handle device opening errors correctly. 2015-01-24 21:15:14 +01:00
memrw.c Replace grub_target_addr with more appropriate types. 2012-02-27 14:13:24 +01:00
menuentry.c core: use GRUB_TERM_ definitions when handling term characters 2017-08-07 19:28:22 +02:00
minicmd.c dl: Add support for persistent modules 2018-11-09 13:25:31 +01:00
nativedisk.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
parttool.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
password.c Improve gettext support. Stylistic fixes and error handling fixes while 2012-02-08 19:26:01 +01:00
password_pbkdf2.c password_pbkdf2: fix memory leak 2016-01-12 20:53:26 +03:00
pcidump.c Clarify several translatable messages. 2013-12-21 01:41:16 +01:00
pgp.c verifiers: fix double close on pgp's sig file descriptor 2018-11-21 14:46:53 +01:00
probe.c * grub-core/commands/probe.c: Add missing grub_device_close. 2013-04-28 13:54:32 +02:00
read.c Implement automatic module license checking according to new GNU 2011-04-11 23:01:51 +02:00
reboot.c Add noreturn attributes and remove unreachable code. 2011-12-13 15:13:51 +01:00
regexp.c * grub-core/commands/regexp.c (set_matches): Move setvar out of its 2013-03-03 15:24:02 +01:00
search.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
search_file.c * grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete 2012-02-03 11:46:18 +01:00
search_label.c * grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete 2012-02-03 11:46:18 +01:00
search_uuid.c * grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete 2012-02-03 11:46:18 +01:00
search_wrap.c search_wrap: fix memory leak 2015-06-20 23:38:19 +03:00
setpci.c Rewrite spkmodem to use PIT for timing. Double the speed. 2013-01-17 20:06:52 +01:00
sleep.c Lift 255x255 erminal sie restriction to 65535x65535. Also change from 2013-10-19 23:59:32 +02:00
syslinuxcfg.c commands/syslinux: Add missing free. 2015-01-24 21:23:25 +01:00
terminal.c Fix USB devices not being detected when requested 2013-03-19 20:35:21 +01:00
test.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
testload.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
testspeed.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
time.c Improve string. Gettextize. 2012-02-12 15:25:25 +01:00
tr.c commands/tr: Simplify and fix missing parameter test. 2015-01-24 21:25:42 +01:00
true.c * grub-core/commands/acpihalt.c: Add TRANSLATORS comments. 2012-03-03 12:59:28 +01:00
usbtest.c Fix USB devices not being detected when requested 2013-03-19 20:35:21 +01:00
verifiers.c verifiers: Add possibility to defer verification to other verifiers 2018-11-09 13:25:31 +01:00
videoinfo.c * grub-core/commands/videoinfo.c: Use "paletted" rather than "packed 2013-05-07 14:44:05 +02:00
videotest.c * grub-core/commands/videotest.c: Reduce flickering and draw 6 squares 2013-05-02 14:34:13 +02:00
wildcard.c wildcard: Mark unused argument as such. 2015-02-21 16:19:09 +01:00
xnu_uuid.c * grub-core/commands/xnu_uuid.c: Remove variable length arrays. 2013-11-12 01:19:34 +01:00