grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3] verifiers: fix double close on pgp's sig file descriptor


From: Daniel Kiper
Subject: Re: [PATCH v3] verifiers: fix double close on pgp's sig file descriptor
Date: Wed, 21 Nov 2018 15:06:41 +0100
User-agent: NeoMutt/20170113 (1.7.2)

On Tue, Nov 20, 2018 at 07:15:37PM +0800, Michael Chang wrote:
> An error emerged as when I was tesing the verifiers branch, so instead
> of putting it in pgp prefix, the verifiers is used to reflect what the
> patch is based on.
>
> While running verify_detached, grub aborts with error.
>
> verify_detached /@/.snapshots/1/snapshot/boot/grub/grub.cfg
> /@/.snapshots/1/snapshot/boot/grub/grub.cfg.sig
>
> alloc magic is broken at 0x7beea660: 0
> Aborted. Press any key to exit.
>
> The error is caused by sig file desciptor been closed twice, first time
> in grub_verify_signature() to which it is passed as parameter. Second in
> grub_cmd_verify_signature() or in whichever opens the sig file
> decriptor. The second close is not consider as bug to me either, as in
> common rule of what opens a file has to close it to avoid file
> descriptor leakage.
>
> Afterall the design of grub_verify_signature() makes it diffcult to keep
> a good trace on opened file descriptor from it's caller. Let's refine
> the application interface to accept file path rather than descriptor, in
> this way the caller doesn't have to care about closing the descriptor by
> delegating it to grub_verify_signature() with full tracing to opened
> file descriptor by itself.
>
> Also making it clear that sig descriptor is not referenced in error
> returning path of grub_verify_signature_init(), so it can be closed
> directly by it's caller. This also makes delegating it to
> grub_pubkey_close() infeasible to help in relieving file descriptor
> leakage as it has to depend on uncertainty of ctxt fields in error
> returning path.
>
> Signed-off-by: Michael Chang <address@hidden>

Pushed! Thanks a lot!

Daniel



reply via email to

[Prev in Thread] Current Thread [Next in Thread]