From accbbe601fe9630174f56dbfb3169f545117e1b6 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Mon, 14 Feb 2022 21:14:51 +0000 Subject: [PATCH] Fix explicit NULL deref when daemonizing Resolves: #2049320 Signed-off-by: Robbie Harwood --- 0001-Revert-Move-license-to-GPLv3.patch | 4 +- ...Fix-format-strings-for-32-bit-arches.patch | 4 +- 0003-macros-drop-_pesign_args.patch | 4 +- ...ragmas-for-warnings-that-are-too-old.patch | 4 +- ...andle-NULL-pwdata-in-cms_set_pw_data.patch | 56 +++++++++++++++++++ ...0006-fcf-protection-is-arch-specific.patch | 19 ++++--- pesign.spec | 9 ++- 7 files changed, 82 insertions(+), 18 deletions(-) create mode 100644 0005-Handle-NULL-pwdata-in-cms_set_pw_data.patch rename 0005-fcf-protection-is-arch-specific.patch => 0006-fcf-protection-is-arch-specific.patch (65%) diff --git a/0001-Revert-Move-license-to-GPLv3.patch b/0001-Revert-Move-license-to-GPLv3.patch index 4b8931c..16311ff 100644 --- a/0001-Revert-Move-license-to-GPLv3.patch +++ b/0001-Revert-Move-license-to-GPLv3.patch @@ -1,7 +1,7 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From fc20530a0ef666b49e6276c983d2d16517d3839b Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 1 Feb 2022 15:04:30 -0500 -Subject: [PATCH 1/3] Revert "Move license to GPLv3+" +Subject: [PATCH 1/6] Revert "Move license to GPLv3+" This was done too soon. It's missing some pieces and we need buy-in on a couple of source files. diff --git a/0002-Fix-format-strings-for-32-bit-arches.patch b/0002-Fix-format-strings-for-32-bit-arches.patch index 3a5ece2..cdb38ba 100644 --- a/0002-Fix-format-strings-for-32-bit-arches.patch +++ b/0002-Fix-format-strings-for-32-bit-arches.patch @@ -1,7 +1,7 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From df8783ed4ed87fef850268098690985049916ee9 Mon Sep 17 00:00:00 2001 
From: Robbie Harwood Date: Tue, 1 Feb 2022 17:37:14 -0500 -Subject: [PATCH 2/3] Fix format strings for 32-bit arches +Subject: [PATCH 2/6] Fix format strings for 32-bit arches Sadly, in 2022, this remains a thing. diff --git a/0003-macros-drop-_pesign_args.patch b/0003-macros-drop-_pesign_args.patch index 0511bfa..de7c2b9 100644 --- a/0003-macros-drop-_pesign_args.patch +++ b/0003-macros-drop-_pesign_args.patch @@ -1,7 +1,7 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From 389decab7b9bcba307e52709b00741a19405f02b Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 2 Feb 2022 16:07:46 -0500 -Subject: [PATCH 3/3] macros: drop %{_pesign_args} +Subject: [PATCH 3/6] macros: drop %{_pesign_args} Effectively reverts 30b488682a92c524bb9c0d450c34e9abc0b56de9 diff --git a/0004-Disable-pragmas-for-warnings-that-are-too-old.patch b/0004-Disable-pragmas-for-warnings-that-are-too-old.patch index 412f98b..5b4df5d 100644 --- a/0004-Disable-pragmas-for-warnings-that-are-too-old.patch +++ b/0004-Disable-pragmas-for-warnings-that-are-too-old.patch @@ -1,7 +1,7 @@ -From 2effad829bd719d2316d7eea45ea6e4f9c291c67 Mon Sep 17 00:00:00 2001 +From 05da4afd1908b0bd8303435aaa342f84a03dfa60 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 9 Feb 2022 14:42:24 -0500 -Subject: [PATCH] Disable pragmas for warnings that are too old +Subject: [PATCH 4/6] Disable pragmas for warnings that are too old Signed-off-by: Robbie Harwood --- diff --git a/0005-Handle-NULL-pwdata-in-cms_set_pw_data.patch b/0005-Handle-NULL-pwdata-in-cms_set_pw_data.patch new file mode 100644 index 0000000..28dc457 --- /dev/null +++ b/0005-Handle-NULL-pwdata-in-cms_set_pw_data.patch 
@@ -0,0 +1,56 @@
+From 73ad69b8c7b49c8e6175497130bcfc71d5318c86 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood
+Date: Mon, 14 Feb 2022 15:46:25 -0500
+Subject: [PATCH 5/6] Handle NULL pwdata in cms_set_pw_data()
+
+When 12f16710ee44ef64ddb044a3523c3c4c4d90039a rewrote this function, it
+didn't handle the NULL pwdata invocation from daemon.c. This leads to a
+explicit NULL dereference and crash on all attempts to daemonize pesign.
+
+Signed-off-by: Robbie Harwood
+(cherry picked from commit b879dda52f8122de697d145977c285fb0a022d76)
+(cherry picked from commit 4d1ead068248b56ecaeb437f0c0b59f9d89b9748)
+---
+ src/cms_common.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/src/cms_common.c b/src/cms_common.c
+index 332999e..ca37e6a 100644
+--- a/src/cms_common.c
++++ b/src/cms_common.c
+@@ -313,7 +313,7 @@ void cms_set_pw_data(cms_context *cms, secuPWData *pwdata)
+
+ case PW_FROMFD:
+ if (cms->pwdata.intdata >= 0 &&
+- !(pwdata->source == PW_FROMFD &&
++ !(pwdata && pwdata->source == PW_FROMFD &&
+ cms->pwdata.intdata == pwdata->intdata))
+ close(cms->pwdata.intdata);
+ break;
+@@ -330,12 +330,18 @@ void cms_set_pw_data(cms_context *cms, secuPWData *pwdata)
+ xfree(cms->pwdata.data);
+ break;
+ }
+- memmove(&cms->pwdata, pwdata, sizeof(*pwdata));
+
+- dprintf("pwdata:%p", pwdata);
+- dprintf("pwdata->source:%d", pwdata->source);
+- dprintf("pwdata->data:%p (\"%s\")", pwdata->data,
+- pwdata->data ? pwdata->data : "(null)");
++ if (!pwdata) {
++ cms->pwdata.source = PW_SOURCE_INVALID;
++ dprintf("pwdata:NULL");
++ } else {
++ memmove(&cms->pwdata, pwdata, sizeof(*pwdata));
++ dprintf("pwdata:%p", pwdata);
++ dprintf("pwdata->source:%d", pwdata->source);
++ dprintf("pwdata->data:%p (\"%s\")", pwdata->data,
++ pwdata->data ? pwdata->data : "(null)");
++ }
++
+ egress();
+ }
+
+-- 
+2.34.1
+
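Review bot: The new `if (!pwdata)` branch resets only `cms->pwdata.source`, so after the `PW_FROMFD` case in the first inner hunk has run `close(cms->pwdata.intdata)` the record still holds the closed descriptor number, and `cms->pwdata.data` keeps whatever `xfree` left behind if that helper does not NULL the pointer; the `cms->pwdata.intdata >= 0` test treats any non-negative value as an fd it owns. Clearing the whole record in that branch removes the stale state: `memset(&cms->pwdata, 0, sizeof(cms->pwdata)); cms->pwdata.intdata = -1; cms->pwdata.source = PW_SOURCE_INVALID;`. Separately, the retained `dprintf("pwdata->data:%p (\"%s\")", ...)` in the else branch prints the contents of `pwdata->data` with `%s`; if any password source stores the password itself in `data` (the field name suggests so — confirm against secuPWData's users), that debug line writes the secret to the log, and printing only the pointer or a length would be safer. cms_set_pw_data() and the switch whose cases are partly shown start outside both inner hunks.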
diff --git a/0005-fcf-protection-is-arch-specific.patch b/0006-fcf-protection-is-arch-specific.patch similarity index 65% rename from 0005-fcf-protection-is-arch-specific.patch rename to 0006-fcf-protection-is-arch-specific.patch index b027c77..77b1fff 100644 --- a/0005-fcf-protection-is-arch-specific.patch +++ b/0006-fcf-protection-is-arch-specific.patch @@ -1,18 +1,20 @@ -From d4fb4e0bfe43a3a3ca454ef6297f75962582b464 Mon Sep 17 00:00:00 2001 +From 7ee7e0438a81d432c3055dd751af94f2e3107492 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 9 Feb 2022 15:23:27 -0500 -Subject: [PATCH] -fcf-protection is arch-specific +Subject: [PATCH 6/6] -fcf-protection is arch-specific Signed-off-by: Robbie Harwood +(cherry picked from commit c48df510144de3b1187001bc3b5491509da1c58f) +(cherry picked from commit f03c5fbe6b4327b9ecd781bfdf64147e1b68e6c1) --- - Make.defaults | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) + Make.defaults | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/Make.defaults b/Make.defaults -index fdb961a..7c320b5 100644 +index fdb961a..130c1ee 100644 --- a/Make.defaults +++ b/Make.defaults -@@ -22,11 +22,15 @@ EFI_ARCHES ?= aa64 ia32 x64 +@@ -22,11 +22,16 @@ EFI_ARCHES ?= aa64 ia32 x64 enabled = $(if $(filter undefined,$(origin $(1))),$(3),$(2)) @@ -25,11 +27,12 @@ index fdb961a..7c320b5 100644 CCLD := $(if $(filter undefined,$(origin CCLD)),$(CC),$(CCLD)) CFLAGS ?= -O2 -g3 -pipe -fPIE -fstack-protector-all \ - -fstack-clash-protection -fcf-protection=full -+ -fstack-clash-protection $(ifneq(($ARCH), aa64),-fcf-protection=full,) ++ -fstack-clash-protection \ ++ $(if $(filter x86_64 ia32,$(ARCH)),-fcf-protection=full,) DIAGFLAGS ?= -fmessage-length=0 \ -fdiagnostics-color=always \ -fdiagnostics-format=text \ -@@ -42,9 +46,6 @@ INSTALL ?= $(CROSS_COMPILE)install +@@ -42,9 +47,6 @@ INSTALL ?= $(CROSS_COMPILE)install PKGS = efivar nspr nss nss-util uuid 
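Review bot: The new `$(if $(filter x86_64 ia32,$(ARCH)),-fcf-protection=full,)` mixes two naming conventions: `x86_64` is the uname/triplet spelling while `ia32` is the EFI spelling used by `EFI_ARCHES ?= aa64 ia32 x64` in the same file, so unless ARCH is derived by rewriting i?86 to ia32 while leaving x86_64 untouched (ARCH is set outside this hunk — confirm), one of the two words can never match and either 32-bit or 64-bit x86 builds silently drop -fcf-protection. Because a missing hardening flag is not a build error, nothing will flag the regression; a comment beside the line stating the expected spelling, e.g. `# ARCH uses uname -m spelling with i?86 mapped to ia32; CET flags exist only on x86`, plus the alternate spellings in the filter, `$(filter x86_64 x64 ia32 i686,$(ARCH))`, would make the intent checkable. The replaced `$(ifneq(...))` form was not a valid make function, so the fix itself is right; only the arch list needs pinning down.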
diff --git a/pesign.spec b/pesign.spec index b39ba42..ac8c287 100644 --- a/pesign.spec +++ b/pesign.spec @@ -3,7 +3,7 @@ Name: pesign Summary: Signing utility for UEFI binaries Version: 114 -Release: 3%{?dist} +Release: 4%{?dist} License: GPL-2.0-only URL: https://github.com/rhboot/pesign @@ -48,7 +48,8 @@ Patch0001: 0001-Revert-Move-license-to-GPLv3.patch Patch0002: 0002-Fix-format-strings-for-32-bit-arches.patch Patch0003: 0003-macros-drop-_pesign_args.patch Patch0004: 0004-Disable-pragmas-for-warnings-that-are-too-old.patch -Patch0005: 0005-fcf-protection-is-arch-specific.patch +Patch0005: 0005-Handle-NULL-pwdata-in-cms_set_pw_data.patch +Patch0006: 0006-fcf-protection-is-arch-specific.patch %description This package contains the pesign utility for signing UEFI binaries as @@ -165,6 +166,10 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null %{python3_sitelib}/mockbuild/plugins/pesign.* %changelog +* Mon Feb 14 2022 Robbie Harwood - 114-4 +- Fix explicit NULL deref when daemonizing +- Resolves: #2049320 + * Wed Feb 09 2022 Robbie Harwood - 114-3 - Rebuild; no code changes - Resolves: #2049320