Fix explicit NULL deref when daemonizing

Resolves: #2049320 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-14 21:14:51 +00:00 · 2022-02-14 21:14:51 +00:00 · accbbe601f
commit accbbe601f
parent e5d5442e58
7 changed files with 82 additions and 18 deletions
--- a/0001-Revert-Move-license-to-GPLv3.patch
+++ b/0001-Revert-Move-license-to-GPLv3.patch
@ -1,7 +1,7 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From fc20530a0ef666b49e6276c983d2d16517d3839b Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 1 Feb 2022 15:04:30 -0500
-Subject: [PATCH 1/3] Revert "Move license to GPLv3+"
+Subject: [PATCH 1/6] Revert "Move license to GPLv3+"
 This was done too soon.  It's missing some pieces and we need buy-in on
 a couple of source files.
--- a/0002-Fix-format-strings-for-32-bit-arches.patch
+++ b/0002-Fix-format-strings-for-32-bit-arches.patch
@ -1,7 +1,7 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From df8783ed4ed87fef850268098690985049916ee9 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 1 Feb 2022 17:37:14 -0500
-Subject: [PATCH 2/3] Fix format strings for 32-bit arches
+Subject: [PATCH 2/6] Fix format strings for 32-bit arches
 Sadly, in 2022, this remains a thing.
--- a/0003-macros-drop-_pesign_args.patch
+++ b/0003-macros-drop-_pesign_args.patch
@ -1,7 +1,7 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From 389decab7b9bcba307e52709b00741a19405f02b Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Wed, 2 Feb 2022 16:07:46 -0500
-Subject: [PATCH 3/3] macros: drop %{_pesign_args}
+Subject: [PATCH 3/6] macros: drop %{_pesign_args}
 Effectively reverts 30b488682a92c524bb9c0d450c34e9abc0b56de9
--- a/0004-Disable-pragmas-for-warnings-that-are-too-old.patch
+++ b/0004-Disable-pragmas-for-warnings-that-are-too-old.patch
@ -1,7 +1,7 @@
-From 2effad829bd719d2316d7eea45ea6e4f9c291c67 Mon Sep 17 00:00:00 2001
+From 05da4afd1908b0bd8303435aaa342f84a03dfa60 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Wed, 9 Feb 2022 14:42:24 -0500
-Subject: [PATCH] Disable pragmas for warnings that are too old
+Subject: [PATCH 4/6] Disable pragmas for warnings that are too old
 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 ---
--- a/0005-Handle-NULL-pwdata-in-cms_set_pw_data.patch
+++ b/0005-Handle-NULL-pwdata-in-cms_set_pw_data.patch
@ -0,0 +1,56 @@
 From 73ad69b8c7b49c8e6175497130bcfc71d5318c86 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Mon, 14 Feb 2022 15:46:25 -0500
 Subject: [PATCH 5/6] Handle NULL pwdata in cms_set_pw_data()
 When 12f16710ee44ef64ddb044a3523c3c4c4d90039a rewrote this function, it
 didn't handle the NULL pwdata invocation from daemon.c.  This leads to a
 explicit NULL dereference and crash on all attempts to daemonize pesign.
 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 (cherry picked from commit b879dda52f8122de697d145977c285fb0a022d76)
 (cherry picked from commit 4d1ead068248b56ecaeb437f0c0b59f9d89b9748)
 ---
 src/cms_common.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
 diff --git a/src/cms_common.c b/src/cms_common.c
 index 332999e..ca37e6a 100644
 --- a/src/cms_common.c
 +++ b/src/cms_common.c
@@ -313,7 +313,7 @@ void cms_set_pw_data(cms_context *cms, secuPWData *pwdata)
 	case PW_FROMFD:
 		if (cms->pwdata.intdata >= 0 &&
 -		    !(pwdata->source == PW_FROMFD &&
 +		    !(pwdata && pwdata->source == PW_FROMFD &&
 		      cms->pwdata.intdata == pwdata->intdata))
 			close(cms->pwdata.intdata);
 		break;
@@ -330,12 +330,18 @@ void cms_set_pw_data(cms_context *cms, secuPWData *pwdata)
 		xfree(cms->pwdata.data);
 		break;
 	}
 -	memmove(&cms->pwdata, pwdata, sizeof(*pwdata));
 -	dprintf("pwdata:%p", pwdata);
 -	dprintf("pwdata->source:%d", pwdata->source);
 -	dprintf("pwdata->data:%p (\"%s\")", pwdata->data,
 -		pwdata->data ? pwdata->data : "(null)");
 +	if (!pwdata) {
 +		cms->pwdata.source = PW_SOURCE_INVALID;
 +		dprintf("pwdata:NULL");
 +	} else {
 +		memmove(&cms->pwdata, pwdata, sizeof(*pwdata));
 +		dprintf("pwdata:%p", pwdata);
 +		dprintf("pwdata->source:%d", pwdata->source);
 +		dprintf("pwdata->data:%p (\"%s\")", pwdata->data,
 +			pwdata->data ? pwdata->data : "(null)");
 +	}
 +
 	egress();
 }
 -- 
 2.34.1
--- a/0006-fcf-protection-is-arch-specific.patch
+++ b/0006-fcf-protection-is-arch-specific.patch
@ -1,18 +1,20 @@
-From d4fb4e0bfe43a3a3ca454ef6297f75962582b464 Mon Sep 17 00:00:00 2001
+From 7ee7e0438a81d432c3055dd751af94f2e3107492 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Wed, 9 Feb 2022 15:23:27 -0500
-Subject: [PATCH] -fcf-protection is arch-specific
+Subject: [PATCH 6/6] -fcf-protection is arch-specific
 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 (cherry picked from commit c48df510144de3b1187001bc3b5491509da1c58f)
 (cherry picked from commit f03c5fbe6b4327b9ecd781bfdf64147e1b68e6c1)
 ---
- Make.defaults | 9 +++++----
+ Make.defaults | 10 ++++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
+ 1 file changed, 6 insertions(+), 4 deletions(-)
 diff --git a/Make.defaults b/Make.defaults
-index fdb961a..7c320b5 100644
+index fdb961a..130c1ee 100644
 --- a/Make.defaults
 +++ b/Make.defaults
-@@ -22,11 +22,15 @@ EFI_ARCHES ?= aa64 ia32 x64
+@@ -22,11 +22,16 @@ EFI_ARCHES ?= aa64 ia32 x64
 enabled = $(if $(filter undefined,$(origin $(1))),$(3),$(2))
@ -25,11 +27,12 @@ index fdb961a..7c320b5 100644
 CCLD	:= $(if $(filter undefined,$(origin CCLD)),$(CC),$(CCLD))
 CFLAGS	?= -O2 -g3 -pipe -fPIE -fstack-protector-all \
 -	-fstack-clash-protection -fcf-protection=full
-+	-fstack-clash-protection $(ifneq(($ARCH), aa64),-fcf-protection=full,)
+	-fstack-clash-protection \
 +	$(if $(filter x86_64 ia32,$(ARCH)),-fcf-protection=full,)
 DIAGFLAGS ?= -fmessage-length=0 \
 	     -fdiagnostics-color=always \
 	     -fdiagnostics-format=text \
-@@ -42,9 +46,6 @@ INSTALL	?= $(CROSS_COMPILE)install
+@@ -42,9 +47,6 @@ INSTALL	?= $(CROSS_COMPILE)install
 PKGS	= efivar nspr nss nss-util uuid
--- a/pesign.spec
+++ b/pesign.spec
@ -3,7 +3,7 @@
 Name:    pesign
 Summary: Signing utility for UEFI binaries
 Version: 114
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPL-2.0-only
 URL:     https://github.com/rhboot/pesign
@ -48,7 +48,8 @@ Patch0001: 0001-Revert-Move-license-to-GPLv3.patch
 Patch0002: 0002-Fix-format-strings-for-32-bit-arches.patch
 Patch0003: 0003-macros-drop-_pesign_args.patch
 Patch0004: 0004-Disable-pragmas-for-warnings-that-are-too-old.patch
-Patch0005: 0005-fcf-protection-is-arch-specific.patch
+Patch0005: 0005-Handle-NULL-pwdata-in-cms_set_pw_data.patch
 Patch0006: 0006-fcf-protection-is-arch-specific.patch
 %description
 This package contains the pesign utility for signing UEFI binaries as
@ -165,6 +166,10 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null
 %{python3_sitelib}/mockbuild/plugins/pesign.*
 %changelog
 * Mon Feb 14 2022 Robbie Harwood <rharwood@redhat.com> - 114-4
 - Fix explicit NULL deref when daemonizing
 - Resolves: #2049320
 * Wed Feb 09 2022 Robbie Harwood <rharwood@redhat.com> - 114-3
 - Rebuild; no code changes
 - Resolves: #2049320