From 66d3353e6d24c9e69ce71735c5aa4741717a6d68 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 15:31:15 -0400 Subject: [PATCH 20/41] Allocate pesign_context rather than having it on the stack. This way it won't try to re-initialize cms_context when it's cleaned up. Signed-off-by: Peter Jones --- src/pesign.c | 152 ++++++++++++++++++++++++++++++----------------------------- 1 file changed, 77 insertions(+), 75 deletions(-) diff --git a/src/pesign.c b/src/pesign.c index 2ba5ef1..e22e814 100644 --- a/src/pesign.c +++ b/src/pesign.c @@ -426,7 +426,7 @@ main(int argc, char *argv[]) { int rc; - pesign_context ctx, *ctxp = &ctx; + pesign_context *ctxp; int list = 0; int remove = 0; @@ -437,40 +437,47 @@ main(int argc, char *argv[]) char *tokenname = "NSS Certificate DB"; char *certname = NULL; + rc = pesign_context_new(&ctxp); + if (rc < 0) { + fprintf(stderr, "Could not initialize context: %m\n"); + exit(1); + } + poptContext optCon; struct poptOption options[] = { {NULL, '\0', POPT_ARG_INTL_DOMAIN, "pesign" }, - {"in", 'i', POPT_ARG_STRING, &ctx.infile, 0, + {"in", 'i', POPT_ARG_STRING, &ctxp->infile, 0, "specify input file", ""}, - {"out", 'o', POPT_ARG_STRING, &ctx.outfile, 0, + {"out", 'o', POPT_ARG_STRING, &ctxp->outfile, 0, "specify output file", "" }, {"certficate", 'c', POPT_ARG_STRING, &certname, 0, "specify certificate nickname", "" }, - {"privkey", 'p', POPT_ARG_STRING, &ctx.privkeyfile, 0, + {"privkey", 'p', POPT_ARG_STRING, &ctxp->privkeyfile, 0, "specify private key file", "" }, - {"force", 'f', POPT_ARG_VAL, &ctx.force, 1, + {"force", 'f', POPT_ARG_VAL, &ctxp->force, 1, "force overwriting of output file", NULL }, - {"sign", 's', POPT_ARG_VAL, &ctx.sign, 1, + {"sign", 's', POPT_ARG_VAL, &ctxp->sign, 1, "create a new signature", NULL }, - {"hash", 'h', POPT_ARG_VAL, &ctx.hash, 1, "hash binary", NULL }, + {"hash", 'h', POPT_ARG_VAL, &ctxp->hash, 1, "hash binary", NULL }, {"digest_type", 'd', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT, &digest_name, 0, "digest type to use for pe hash" }, {"import-signed-certificate", 'm', POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, - &ctx.insig, 0,"import signature from file", "" }, + &ctxp->insig, 0,"import signature from file", "" }, {"export-signed-attributes", 'E', POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, - &ctx.outsattrs, 0, "export signed attributes to file", + &ctxp->outsattrs, 0, "export signed attributes to file", "" }, {"import-signed-attributes", 'I', POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, - &ctx.insattrs, 0, "import signed attributes from file", + &ctxp->insattrs, 0, + "import signed attributes from file", "" }, {"import-raw-signature", 'R', - POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, &ctx.rawsig, + POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, &ctxp->rawsig, 0, "import raw signature from file", "" }, - {"signature-number", 'u', POPT_ARG_INT, &ctx.signum, -1, + {"signature-number", 'u', POPT_ARG_INT, &ctxp->signum, -1, "specify which signature to operate on",""}, {"list-signatures", 'l', POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN, @@ -483,13 +490,14 @@ main(int argc, char *argv[]) "remove signature" }, {"export-signature", 'e', POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, - &ctx.outsig, 0,"export signature to file", "" }, + &ctxp->outsig, 0, + "export signature to file", "" }, {"export-pubkey", 'K', POPT_ARG_STRING, - &ctx.outkey, 0, "export pubkey to file", "" }, + &ctxp->outkey, 0, "export pubkey to file", "" }, {"export-cert", 'C', POPT_ARG_STRING, - &ctx.outcert, 0, "export signing cert to file", + &ctxp->outcert, 0, "export signing cert to file", "" }, - {"ascii-armor", 'a', POPT_ARG_VAL, &ctx.ascii, 1, + {"ascii-armor", 'a', POPT_ARG_VAL, &ctxp->ascii, 1, "use ascii armoring", NULL }, {"daemonize", 'D', POPT_ARG_VAL, &daemon, 1, "run as a daemon process", NULL }, @@ -509,12 +517,6 @@ main(int argc, char *argv[]) } } - rc = pesign_context_init(ctxp); - if (rc < 0) { - fprintf(stderr, "Could not initialize context: %m\n"); - exit(1); - } - optCon = poptGetContext("pesign", argc, (const char **)argv, options,0); rc = poptReadDefaultConfig(optCon, 0); @@ -571,25 +573,25 @@ main(int argc, char *argv[]) if (daemon) action |= DAEMONIZE; - if (ctx.rawsig) + if (ctxp->rawsig) action |= IMPORT_RAW_SIGNATURE; - if (ctx.insattrs) + if (ctxp->insattrs) action |= IMPORT_SATTRS; - if (ctx.outsattrs) + if (ctxp->outsattrs) action |= EXPORT_SATTRS; - - if (ctx.insig) + + if (ctxp->insig) action |= IMPORT_SIGNATURE; - if (ctx.outkey) + if (ctxp->outkey) action |= EXPORT_PUBKEY; - if (ctx.outcert) + if (ctxp->outcert) action |= EXPORT_CERT; - if (ctx.outsig) + if (ctxp->outsig) action |= EXPORT_SIGNATURE; if (remove != 0) @@ -598,13 +600,13 @@ main(int argc, char *argv[]) if (list != 0) action |= LIST_SIGNATURES; - if (ctx.sign) { + if (ctxp->sign) { action |= GENERATE_SIGNATURE; if (!(action & EXPORT_SIGNATURE)) action |= IMPORT_SIGNATURE; } - if (ctx.hash) + if (ctxp->hash) action |= GENERATE_DIGEST|PRINT_DIGEST; ssize_t sigspace = 0; @@ -620,11 +622,11 @@ main(int argc, char *argv[]) */ case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS: check_inputs(ctxp); - rc = find_certificate(ctx.cms_ctx); + rc = find_certificate(ctxp->cms_ctx); if (rc < 0) { fprintf(stderr, "pesign: Could not find " "certificate %s\n", - ctx.cms_ctx->certname); + ctxp->cms_ctx->certname); exit(1); } open_rawsig_input(ctxp); @@ -636,19 +638,19 @@ main(int argc, char *argv[]) open_input(ctxp); open_output(ctxp); close_input(ctxp); - generate_digest(ctx.cms_ctx, ctx.outpe); - sigspace = calculate_signature_space(ctx.cms_ctx, - ctx.outpe); - allocate_signature_space(ctx.outpe, sigspace); - generate_signature(ctx.cms_ctx); - insert_signature(ctx.cms_ctx, ctx.signum); - finalize_signatures(ctx.cms_ctx, ctx.outpe); + generate_digest(ctxp->cms_ctx, ctxp->outpe); + sigspace = calculate_signature_space(ctxp->cms_ctx, + ctxp->outpe); + allocate_signature_space(ctxp->outpe, sigspace); + generate_signature(ctxp->cms_ctx); + insert_signature(ctxp->cms_ctx, ctxp->signum); + finalize_signatures(ctxp->cms_ctx, ctxp->outpe); close_output(ctxp); break; case EXPORT_SATTRS: open_input(ctxp); open_sattr_output(ctxp); - generate_digest(ctx.cms_ctx, ctx.inpe); + generate_digest(ctxp->cms_ctx, ctxp->inpe); generate_sattr_blob(ctxp); close_sattr_output(ctxp); close_input(ctxp); @@ -666,22 +668,22 @@ main(int argc, char *argv[]) close_output(ctxp); break; case EXPORT_PUBKEY: - rc = find_certificate(ctx.cms_ctx); + rc = find_certificate(ctxp->cms_ctx); if (rc < 0) { fprintf(stderr, "pesign: Could not find " "certificate %s\n", - ctx.cms_ctx->certname); + ctxp->cms_ctx->certname); exit(1); } open_pubkey_output(ctxp); export_pubkey(ctxp); break; case EXPORT_CERT: - rc = find_certificate(ctx.cms_ctx); + rc = find_certificate(ctxp->cms_ctx); if (rc < 0) { fprintf(stderr, "pesign: Could not find " "certificate %s\n", - ctx.cms_ctx->certname); + ctxp->cms_ctx->certname); exit(1); } open_cert_output(ctxp); @@ -691,21 +693,21 @@ main(int argc, char *argv[]) case EXPORT_SIGNATURE: open_input(ctxp); open_sig_output(ctxp); - if (ctx.signum > ctx.cms_ctx->num_signatures) { + if (ctxp->signum > ctxp->cms_ctx->num_signatures) { fprintf(stderr, "Invalid signature number.\n"); exit(1); } - if (ctx.signum < 0) - ctx.signum = 0; - if (ctx.signum >= ctx.cms_ctx->num_signatures) { + if (ctxp->signum < 0) + ctxp->signum = 0; + if (ctxp->signum >= ctxp->cms_ctx->num_signatures) { fprintf(stderr, "No valid signature #%d.\n", - ctx.signum); + ctxp->signum); exit(1); } - memcpy(&ctx.cms_ctx->newsig, - ctx.cms_ctx->signatures[ctx.signum], - sizeof (ctx.cms_ctx->newsig)); - export_signature(ctx.cms_ctx, ctx.outsigfd, ctx.ascii); + memcpy(&ctxp->cms_ctx->newsig, + ctxp->cms_ctx->signatures[ctxp->signum], + sizeof (ctxp->cms_ctx->newsig)); + export_signature(ctxp->cms_ctx, ctxp->outsigfd, ctxp->ascii); close_input(ctxp); close_sig_output(ctxp); break; @@ -715,11 +717,11 @@ main(int argc, char *argv[]) open_input(ctxp); open_output(ctxp); close_input(ctxp); - if (ctx.signum > ctx.cms_ctx->num_signatures) { + if (ctxp->signum > ctxp->cms_ctx->num_signatures) { fprintf(stderr, "Invalid signature number.\n"); exit(1); } - remove_signature(&ctx); + remove_signature(ctxp); close_output(ctxp); break; /* list signatures in the binary */ @@ -729,49 +731,49 @@ main(int argc, char *argv[]) break; case GENERATE_DIGEST|PRINT_DIGEST: open_input(ctxp); - generate_digest(ctx.cms_ctx, ctx.inpe); + generate_digest(ctxp->cms_ctx, ctxp->inpe); print_digest(ctxp); break; /* generate a signature and save it in a separate file */ case EXPORT_SIGNATURE|GENERATE_SIGNATURE: - rc = find_certificate(ctx.cms_ctx); + rc = find_certificate(ctxp->cms_ctx); if (rc < 0) { fprintf(stderr, "pesign: Could not find " "certificate %s\n", - ctx.cms_ctx->certname); + ctxp->cms_ctx->certname); exit(1); } open_input(ctxp); open_sig_output(ctxp); - generate_digest(ctx.cms_ctx, ctx.inpe); - generate_signature(ctx.cms_ctx); - export_signature(ctx.cms_ctx, ctx.outsigfd, ctx.ascii); + generate_digest(ctxp->cms_ctx, ctxp->inpe); + generate_signature(ctxp->cms_ctx); + export_signature(ctxp->cms_ctx, ctxp->outsigfd, ctxp->ascii); break; /* generate a signature and embed it in the binary */ case IMPORT_SIGNATURE|GENERATE_SIGNATURE: check_inputs(ctxp); - rc = find_certificate(ctx.cms_ctx); + rc = find_certificate(ctxp->cms_ctx); if (rc < 0) { fprintf(stderr, "pesign: Could not find " "certificate %s\n", - ctx.cms_ctx->certname); + ctxp->cms_ctx->certname); exit(1); } open_input(ctxp); open_output(ctxp); close_input(ctxp); - generate_digest(ctx.cms_ctx, ctx.outpe); - sigspace = calculate_signature_space(ctx.cms_ctx, - ctx.outpe); - allocate_signature_space(ctx.outpe, sigspace); - generate_digest(ctx.cms_ctx, ctx.outpe); - generate_signature(ctx.cms_ctx); - insert_signature(ctx.cms_ctx, ctx.signum); - finalize_signatures(ctx.cms_ctx, ctx.outpe); + generate_digest(ctxp->cms_ctx, ctxp->outpe); + sigspace = calculate_signature_space(ctxp->cms_ctx, + ctxp->outpe); + allocate_signature_space(ctxp->outpe, sigspace); + generate_digest(ctxp->cms_ctx, ctxp->outpe); + generate_signature(ctxp->cms_ctx); + insert_signature(ctxp->cms_ctx, ctxp->signum); + finalize_signatures(ctxp->cms_ctx, ctxp->outpe); close_output(ctxp); break; case DAEMONIZE: - rc = daemonize(ctx.cms_ctx, fork); + rc = daemonize(ctxp->cms_ctx, fork); break; default: fprintf(stderr, "Incompatible flags (0x%08x): ", action); @@ -782,7 +784,7 @@ main(int argc, char *argv[]) fprintf(stderr, "\n"); exit(1); } - pesign_context_fini(&ctx); + pesign_context_free(ctxp); NSS_Shutdown(); return (rc < 0); -- 1.7.12.1