- pkcsstats: Fix handling of user name
- p11sak: Fix user confirmation prompt behavior when stdin is closed Related: #2159697
This commit is contained in:
Than Ngo
than
parent
5ddc3c6763
commit
4c8aef5468
@ -0,0 +1,52 @@
|
|||||||
|
commit 4ff774568e334a719fc8de16fe2309e2070f0da8
|
||||||
|
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
Date: Mon May 22 11:40:01 2023 +0200
|
||||||
|
|
||||||
|
p11sak: Fix user confirmation prompt behavior when stdin is closed
|
||||||
|
|
||||||
|
Treat any error during user confirmation prompt as 'cancel' and skip all
|
||||||
|
operations.
|
||||||
|
|
||||||
|
One can for example close stdin during a user prompt via CTRL+D. This was
|
||||||
|
erroneously treated as positive confirmation and therefore caused the
|
||||||
|
operation to be performed on the current key object and all further objects
|
||||||
|
matching the filter as well, instead of canceling the operation entirely.
|
||||||
|
|
||||||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
|
||||||
|
diff --git a/usr/sbin/p11sak/p11sak.c b/usr/sbin/p11sak/p11sak.c
|
||||||
|
index d75d8343..5b54b538 100644
|
||||||
|
--- a/usr/sbin/p11sak/p11sak.c
|
||||||
|
+++ b/usr/sbin/p11sak/p11sak.c
|
||||||
|
@@ -4736,6 +4736,7 @@ static CK_RV handle_key_remove(CK_OBJECT_HANDLE key, CK_OBJECT_CLASS class,
|
||||||
|
data->num_skipped++;
|
||||||
|
return CKR_OK;
|
||||||
|
case 'c':
|
||||||
|
+ case '\0':
|
||||||
|
data->skip_all = true;
|
||||||
|
data->num_skipped++;
|
||||||
|
return CKR_OK;
|
||||||
|
@@ -4825,6 +4826,7 @@ static CK_RV handle_key_set_attr(CK_OBJECT_HANDLE key, CK_OBJECT_CLASS class,
|
||||||
|
data->num_skipped++;
|
||||||
|
return CKR_OK;
|
||||||
|
case 'c':
|
||||||
|
+ case '\0':
|
||||||
|
data->skip_all = true;
|
||||||
|
data->num_skipped++;
|
||||||
|
return CKR_OK;
|
||||||
|
@@ -4974,6 +4976,7 @@ static CK_RV handle_key_copy(CK_OBJECT_HANDLE key, CK_OBJECT_CLASS class,
|
||||||
|
data->num_skipped++;
|
||||||
|
return CKR_OK;
|
||||||
|
case 'c':
|
||||||
|
+ case '\0':
|
||||||
|
data->skip_all = true;
|
||||||
|
data->num_skipped++;
|
||||||
|
return CKR_OK;
|
||||||
|
@@ -6983,6 +6986,7 @@ static CK_RV handle_key_export(CK_OBJECT_HANDLE key, CK_OBJECT_CLASS class,
|
||||||
|
data->num_skipped++;
|
||||||
|
return CKR_OK;
|
||||||
|
case 'c':
|
||||||
|
+ case '\0':
|
||||||
|
data->skip_all = true;
|
||||||
|
data->num_skipped++;
|
||||||
|
return CKR_OK;
|
||||||
@ -0,0 +1,84 @@
|
|||||||
|
commit f4166214552a92d8d66de8011ab11c9c2c6bb0a4
|
||||||
|
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
Date: Mon May 22 13:31:21 2023 +0200
|
||||||
|
|
||||||
|
pkcsstats: Fix handling of user name
|
||||||
|
|
||||||
|
The struct passwd returned by getpwuid() is a pointer to a static area, that
|
||||||
|
may get overwritten by subsequent calls to getpwuid() or similar.
|
||||||
|
Actually, C_Initialize() itself is using getpwuid() internally, and thus will
|
||||||
|
interfere with the getpwuid() usage in pkcsstats.
|
||||||
|
|
||||||
|
Make a copy of the returned user name before calling C_Initialize() in
|
||||||
|
init_ock() to ensure to work with the desired user name, and not with anything
|
||||||
|
left over from previous calls.
|
||||||
|
|
||||||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
|
||||||
|
diff --git a/usr/sbin/pkcsstats/pkcsstats.c b/usr/sbin/pkcsstats/pkcsstats.c
|
||||||
|
index c2444cf5..a842a295 100644
|
||||||
|
--- a/usr/sbin/pkcsstats/pkcsstats.c
|
||||||
|
+++ b/usr/sbin/pkcsstats/pkcsstats.c
|
||||||
|
@@ -783,6 +783,7 @@ int main(int argc, char **argv)
|
||||||
|
int opt = 0;
|
||||||
|
struct passwd *pswd = NULL;
|
||||||
|
int user_id = -1;
|
||||||
|
+ char *user_name = NULL;
|
||||||
|
bool summary = false, all_users = false, all_mechs = false;
|
||||||
|
bool reset = false, reset_all = false;
|
||||||
|
bool delete = false, delete_all = false;
|
||||||
|
@@ -903,19 +904,27 @@ int main(int argc, char **argv)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ user_name = strdup(pswd->pw_name);
|
||||||
|
+ if (user_name == NULL) {
|
||||||
|
+ warnx("Failed to get current user name");
|
||||||
|
+ exit(EXIT_FAILURE);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (delete) {
|
||||||
|
if (slot_id_specified) {
|
||||||
|
warnx("Options -s/--slot and -d/--delete can not be specified together");
|
||||||
|
+ free(user_name);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
|
- rc = delete_shm(user_id, pswd->pw_name);
|
||||||
|
+ rc = delete_shm(user_id, user_name);
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (delete_all) {
|
||||||
|
if (slot_id_specified) {
|
||||||
|
warnx("Options -s/--slot and -D/--delete-all can not be specified together");
|
||||||
|
+ free(user_name);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -932,7 +941,7 @@ int main(int argc, char **argv)
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
if (reset) {
|
||||||
|
- rc = reset_shm(user_id, pswd->pw_name, num_slots, slots,
|
||||||
|
+ rc = reset_shm(user_id, user_name, num_slots, slots,
|
||||||
|
slot_id_specified, slot_id);
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
@@ -968,7 +977,7 @@ int main(int argc, char **argv)
|
||||||
|
rc = display_summary(&dd);
|
||||||
|
goto done;
|
||||||
|
} else {
|
||||||
|
- rc = display_stats(user_id, pswd->pw_name, &dd);
|
||||||
|
+ rc = display_stats(user_id, user_name, &dd);
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -984,5 +993,7 @@ done:
|
||||||
|
dlclose(dll);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ free(user_name);
|
||||||
|
+
|
||||||
|
return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
|
||||||
|
}
|
||||||
@ -1,7 +1,7 @@
|
|||||||
Name: opencryptoki
|
Name: opencryptoki
|
||||||
Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
|
Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0
|
||||||
Version: 3.21.0
|
Version: 3.21.0
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: CPL
|
License: CPL
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
URL: https://github.com/opencryptoki/opencryptoki
|
URL: https://github.com/opencryptoki/opencryptoki
|
||||||
@ -17,6 +17,10 @@ Patch2: opencryptoki-3.21.0-p11sak.patch
|
|||||||
Patch3: opencryptoki-3.21-sandboxing.patch
|
Patch3: opencryptoki-3.21-sandboxing.patch
|
||||||
|
|
||||||
# upstream patches
|
# upstream patches
|
||||||
|
# pkcsstats: Fix handling of user name
|
||||||
|
Patch100: opencryptoki-3.21.0-f4166214552a92d8d66de8011ab11c9c2c6bb0a4.patch
|
||||||
|
# p11sak: Fix user confirmation prompt behavior when stdin is closed
|
||||||
|
Patch101: opencryptoki-3.21.0-4ff774568e334a719fc8de16fe2309e2070f0da8.patch
|
||||||
|
|
||||||
Requires(pre): coreutils diffutils
|
Requires(pre): coreutils diffutils
|
||||||
Requires: (selinux-policy >= 3.14.3-70 if selinux-policy-targeted)
|
Requires: (selinux-policy >= 3.14.3-70 if selinux-policy-targeted)
|
||||||
@ -375,6 +379,11 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon May 22 2023 Than Ngo <than@redhat.com> - 3.21.0-3
|
||||||
|
- pkcsstats: Fix handling of user name
|
||||||
|
- p11sak: Fix user confirmation prompt behavior when stdin is closed
|
||||||
|
Related: #2159697
|
||||||
|
|
||||||
* Tue May 16 2023 Than Ngo <than@redhat.com> - 3.21.0-2
|
* Tue May 16 2023 Than Ngo <than@redhat.com> - 3.21.0-2
|
||||||
- add missing /var/lib/opencryptoki/HSM_MK_CHANGE
|
- add missing /var/lib/opencryptoki/HSM_MK_CHANGE
|
||||||
- disable unsupported sandbox options and add /run to ReadWritePaths to exclude
|
- disable unsupported sandbox options and add /run to ReadWritePaths to exclude
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user