pesign/0020-Allocate-pesign_context-rather-than-having-it-on-the.patch

From 66d3353e6d24c9e69ce71735c5aa4741717a6d68 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 15:31:15 -0400
Subject: [PATCH 20/42] Allocate pesign_context rather than having it on the
 stack.

This way it won't try to re-initialize cms_context when it's cleaned up.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 src/pesign.c | 152 ++++++++++++++++++++++++++++++-----------------------------
 1 file changed, 77 insertions(+), 75 deletions(-)

diff --git a/src/pesign.c b/src/pesign.c
index 2ba5ef1..e22e814 100644
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -426,7 +426,7 @@ main(int argc, char *argv[])
 {
 	int rc;
 
-	pesign_context ctx, *ctxp = &ctx;
+	pesign_context *ctxp;
 
 	int list = 0;
 	int remove = 0;
@@ -437,40 +437,47 @@ main(int argc, char *argv[])
 	char *tokenname = "NSS Certificate DB";
 	char *certname = NULL;
 
+	rc = pesign_context_new(&ctxp);
+	if (rc < 0) {
+		fprintf(stderr, "Could not initialize context: %m\n");
+		exit(1);
+	}
+
 	poptContext optCon;
 	struct poptOption options[] = {
 		{NULL, '\0', POPT_ARG_INTL_DOMAIN, "pesign" },
-		{"in", 'i', POPT_ARG_STRING, &ctx.infile, 0,
+		{"in", 'i', POPT_ARG_STRING, &ctxp->infile, 0,
 			"specify input file", "<infile>"},
-		{"out", 'o', POPT_ARG_STRING, &ctx.outfile, 0,
+		{"out", 'o', POPT_ARG_STRING, &ctxp->outfile, 0,
 			"specify output file", "<outfile>" },
 		{"certficate", 'c', POPT_ARG_STRING, &certname, 0,
 			"specify certificate nickname",
 			"<certificate nickname>" },
-		{"privkey", 'p', POPT_ARG_STRING, &ctx.privkeyfile, 0,
+		{"privkey", 'p', POPT_ARG_STRING, &ctxp->privkeyfile, 0,
 			"specify private key file", "<privkey>" },
-		{"force", 'f', POPT_ARG_VAL, &ctx.force,  1,
+		{"force", 'f', POPT_ARG_VAL, &ctxp->force,  1,
 			"force overwriting of output file", NULL },
-		{"sign", 's', POPT_ARG_VAL, &ctx.sign, 1,
+		{"sign", 's', POPT_ARG_VAL, &ctxp->sign, 1,
 			"create a new signature", NULL },
-		{"hash", 'h', POPT_ARG_VAL, &ctx.hash, 1, "hash binary", NULL },
+		{"hash", 'h', POPT_ARG_VAL, &ctxp->hash, 1, "hash binary", NULL },
 		{"digest_type", 'd', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
 			&digest_name, 0, "digest type to use for pe hash" },
 		{"import-signed-certificate", 'm',
 			POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
-			&ctx.insig, 0,"import signature from file", "<insig>" },
+			&ctxp->insig, 0,"import signature from file", "<insig>" },
 		{"export-signed-attributes", 'E',
 			POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
-			&ctx.outsattrs, 0, "export signed attributes to file",
+			&ctxp->outsattrs, 0, "export signed attributes to file",
 			"<signed_attributes_file>" },
 		{"import-signed-attributes", 'I',
 			POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
-			&ctx.insattrs, 0, "import signed attributes from file",
+			&ctxp->insattrs, 0,
+			"import signed attributes from file",
 			"<signed_attributes_file>" },
 		{"import-raw-signature", 'R',
-			POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, &ctx.rawsig,
+			POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, &ctxp->rawsig,
 			0, "import raw signature from file", "<inraw>" },
-		{"signature-number", 'u', POPT_ARG_INT, &ctx.signum, -1,
+		{"signature-number", 'u', POPT_ARG_INT, &ctxp->signum, -1,
 			"specify which signature to operate on","<sig-number>"},
 		{"list-signatures", 'l',
 			POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN,
@@ -483,13 +490,14 @@ main(int argc, char *argv[])
 			"remove signature" },
 		{"export-signature", 'e',
 			POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
-			&ctx.outsig, 0,"export signature to file", "<outsig>" },
+			&ctxp->outsig, 0,
+			"export signature to file", "<outsig>" },
 		{"export-pubkey", 'K', POPT_ARG_STRING,
-			&ctx.outkey, 0, "export pubkey to file", "<outkey>" },
+			&ctxp->outkey, 0, "export pubkey to file", "<outkey>" },
 		{"export-cert", 'C', POPT_ARG_STRING,
-			&ctx.outcert, 0, "export signing cert to file",
+			&ctxp->outcert, 0, "export signing cert to file",
 			"<outcert>" },
-		{"ascii-armor", 'a', POPT_ARG_VAL, &ctx.ascii, 1,
+		{"ascii-armor", 'a', POPT_ARG_VAL, &ctxp->ascii, 1,
 			"use ascii armoring", NULL },
 		{"daemonize", 'D', POPT_ARG_VAL, &daemon, 1,
 			"run as a daemon process", NULL },
@@ -509,12 +517,6 @@ main(int argc, char *argv[])
 		}
 	}
 
-	rc = pesign_context_init(ctxp);
-	if (rc < 0) {
-		fprintf(stderr, "Could not initialize context: %m\n");
-		exit(1);
-	}
-
 	optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
 
 	rc = poptReadDefaultConfig(optCon, 0);
@@ -571,25 +573,25 @@ main(int argc, char *argv[])
 	if (daemon)
 		action |= DAEMONIZE;
 
-	if (ctx.rawsig)
+	if (ctxp->rawsig)
 		action |= IMPORT_RAW_SIGNATURE;
 
-	if (ctx.insattrs)
+	if (ctxp->insattrs)
 		action |= IMPORT_SATTRS;
 
-	if (ctx.outsattrs)
+	if (ctxp->outsattrs)
 		action |= EXPORT_SATTRS;
-		
-	if (ctx.insig)
+
+	if (ctxp->insig)
 		action |= IMPORT_SIGNATURE;
 
-	if (ctx.outkey)
+	if (ctxp->outkey)
 		action |= EXPORT_PUBKEY;
 
-	if (ctx.outcert)
+	if (ctxp->outcert)
 		action |= EXPORT_CERT;
 
-	if (ctx.outsig)
+	if (ctxp->outsig)
 		action |= EXPORT_SIGNATURE;
 
 	if (remove != 0)
@@ -598,13 +600,13 @@ main(int argc, char *argv[])
 	if (list != 0)
 		action |= LIST_SIGNATURES;
 
-	if (ctx.sign) {
+	if (ctxp->sign) {
 		action |= GENERATE_SIGNATURE;
 		if (!(action & EXPORT_SIGNATURE))
 			action |= IMPORT_SIGNATURE;
 	}
 
-	if (ctx.hash)
+	if (ctxp->hash)
 		action |= GENERATE_DIGEST|PRINT_DIGEST;
 
 	ssize_t sigspace = 0;
@@ -620,11 +622,11 @@ main(int argc, char *argv[])
 		 */
 		case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS:
 			check_inputs(ctxp);
-			rc = find_certificate(ctx.cms_ctx);
+			rc = find_certificate(ctxp->cms_ctx);
 			if (rc < 0) {
 				fprintf(stderr, "pesign: Could not find "
 					"certificate %s\n",
-					ctx.cms_ctx->certname);
+					ctxp->cms_ctx->certname);
 				exit(1);
 			}
 			open_rawsig_input(ctxp);
@@ -636,19 +638,19 @@ main(int argc, char *argv[])
 			open_input(ctxp);
 			open_output(ctxp);
 			close_input(ctxp);
-			generate_digest(ctx.cms_ctx, ctx.outpe);
-			sigspace = calculate_signature_space(ctx.cms_ctx,
-								ctx.outpe);
-			allocate_signature_space(ctx.outpe, sigspace);
-			generate_signature(ctx.cms_ctx);
-			insert_signature(ctx.cms_ctx, ctx.signum);
-			finalize_signatures(ctx.cms_ctx, ctx.outpe);
+			generate_digest(ctxp->cms_ctx, ctxp->outpe);
+			sigspace = calculate_signature_space(ctxp->cms_ctx,
+								ctxp->outpe);
+			allocate_signature_space(ctxp->outpe, sigspace);
+			generate_signature(ctxp->cms_ctx);
+			insert_signature(ctxp->cms_ctx, ctxp->signum);
+			finalize_signatures(ctxp->cms_ctx, ctxp->outpe);
 			close_output(ctxp);
 			break;
 		case EXPORT_SATTRS:
 			open_input(ctxp);
 			open_sattr_output(ctxp);
-			generate_digest(ctx.cms_ctx, ctx.inpe);
+			generate_digest(ctxp->cms_ctx, ctxp->inpe);
 			generate_sattr_blob(ctxp);
 			close_sattr_output(ctxp);
 			close_input(ctxp);
@@ -666,22 +668,22 @@ main(int argc, char *argv[])
 			close_output(ctxp);
 			break;
 		case EXPORT_PUBKEY:
-			rc = find_certificate(ctx.cms_ctx);
+			rc = find_certificate(ctxp->cms_ctx);
 			if (rc < 0) {
 				fprintf(stderr, "pesign: Could not find "
 					"certificate %s\n",
-					ctx.cms_ctx->certname);
+					ctxp->cms_ctx->certname);
 				exit(1);
 			}
 			open_pubkey_output(ctxp);
 			export_pubkey(ctxp);
 			break;
 		case EXPORT_CERT:
-			rc = find_certificate(ctx.cms_ctx);
+			rc = find_certificate(ctxp->cms_ctx);
 			if (rc < 0) {
 				fprintf(stderr, "pesign: Could not find "
 					"certificate %s\n",
-					ctx.cms_ctx->certname);
+					ctxp->cms_ctx->certname);
 				exit(1);
 			}
 			open_cert_output(ctxp);
@@ -691,21 +693,21 @@ main(int argc, char *argv[])
 		case EXPORT_SIGNATURE:
 			open_input(ctxp);
 			open_sig_output(ctxp);
-			if (ctx.signum > ctx.cms_ctx->num_signatures) {
+			if (ctxp->signum > ctxp->cms_ctx->num_signatures) {
 				fprintf(stderr, "Invalid signature number.\n");
 				exit(1);
 			}
-			if (ctx.signum < 0)
-				ctx.signum = 0;
-			if (ctx.signum >= ctx.cms_ctx->num_signatures) {
+			if (ctxp->signum < 0)
+				ctxp->signum = 0;
+			if (ctxp->signum >= ctxp->cms_ctx->num_signatures) {
 				fprintf(stderr, "No valid signature #%d.\n",
-					ctx.signum);
+					ctxp->signum);
 				exit(1);
 			}
-			memcpy(&ctx.cms_ctx->newsig,
-				ctx.cms_ctx->signatures[ctx.signum],
-				sizeof (ctx.cms_ctx->newsig));
-			export_signature(ctx.cms_ctx, ctx.outsigfd, ctx.ascii);
+			memcpy(&ctxp->cms_ctx->newsig,
+				ctxp->cms_ctx->signatures[ctxp->signum],
+				sizeof (ctxp->cms_ctx->newsig));
+			export_signature(ctxp->cms_ctx, ctxp->outsigfd, ctxp->ascii);
 			close_input(ctxp);
 			close_sig_output(ctxp);
 			break;
@@ -715,11 +717,11 @@ main(int argc, char *argv[])
 			open_input(ctxp);
 			open_output(ctxp);
 			close_input(ctxp);
-			if (ctx.signum > ctx.cms_ctx->num_signatures) {
+			if (ctxp->signum > ctxp->cms_ctx->num_signatures) {
 				fprintf(stderr, "Invalid signature number.\n");
 				exit(1);
 			}
-			remove_signature(&ctx);
+			remove_signature(ctxp);
 			close_output(ctxp);
 			break;
 		/* list signatures in the binary */
@@ -729,49 +731,49 @@ main(int argc, char *argv[])
 			break;
 		case GENERATE_DIGEST|PRINT_DIGEST:
 			open_input(ctxp);
-			generate_digest(ctx.cms_ctx, ctx.inpe);
+			generate_digest(ctxp->cms_ctx, ctxp->inpe);
 			print_digest(ctxp);
 			break;
 		/* generate a signature and save it in a separate file */
 		case EXPORT_SIGNATURE|GENERATE_SIGNATURE:
-			rc = find_certificate(ctx.cms_ctx);
+			rc = find_certificate(ctxp->cms_ctx);
 			if (rc < 0) {
 				fprintf(stderr, "pesign: Could not find "
 					"certificate %s\n",
-					ctx.cms_ctx->certname);
+					ctxp->cms_ctx->certname);
 				exit(1);
 			}
 			open_input(ctxp);
 			open_sig_output(ctxp);
-			generate_digest(ctx.cms_ctx, ctx.inpe);
-			generate_signature(ctx.cms_ctx);
-			export_signature(ctx.cms_ctx, ctx.outsigfd, ctx.ascii);
+			generate_digest(ctxp->cms_ctx, ctxp->inpe);
+			generate_signature(ctxp->cms_ctx);
+			export_signature(ctxp->cms_ctx, ctxp->outsigfd, ctxp->ascii);
 			break;
 		/* generate a signature and embed it in the binary */
 		case IMPORT_SIGNATURE|GENERATE_SIGNATURE:
 			check_inputs(ctxp);
-			rc = find_certificate(ctx.cms_ctx);
+			rc = find_certificate(ctxp->cms_ctx);
 			if (rc < 0) {
 				fprintf(stderr, "pesign: Could not find "
 					"certificate %s\n",
-					ctx.cms_ctx->certname);
+					ctxp->cms_ctx->certname);
 				exit(1);
 			}
 			open_input(ctxp);
 			open_output(ctxp);
 			close_input(ctxp);
-			generate_digest(ctx.cms_ctx, ctx.outpe);
-			sigspace = calculate_signature_space(ctx.cms_ctx,
-							     ctx.outpe);
-			allocate_signature_space(ctx.outpe, sigspace);
-			generate_digest(ctx.cms_ctx, ctx.outpe);
-			generate_signature(ctx.cms_ctx);
-			insert_signature(ctx.cms_ctx, ctx.signum);
-			finalize_signatures(ctx.cms_ctx, ctx.outpe);
+			generate_digest(ctxp->cms_ctx, ctxp->outpe);
+			sigspace = calculate_signature_space(ctxp->cms_ctx,
+							     ctxp->outpe);
+			allocate_signature_space(ctxp->outpe, sigspace);
+			generate_digest(ctxp->cms_ctx, ctxp->outpe);
+			generate_signature(ctxp->cms_ctx);
+			insert_signature(ctxp->cms_ctx, ctxp->signum);
+			finalize_signatures(ctxp->cms_ctx, ctxp->outpe);
 			close_output(ctxp);
 			break;
 		case DAEMONIZE:
-			rc = daemonize(ctx.cms_ctx, fork);
+			rc = daemonize(ctxp->cms_ctx, fork);
 			break;
 		default:
 			fprintf(stderr, "Incompatible flags (0x%08x): ", action);
@@ -782,7 +784,7 @@ main(int argc, char *argv[])
 			fprintf(stderr, "\n");
 			exit(1);
 	}
-	pesign_context_fini(&ctx);
+	pesign_context_free(ctxp);
 
 	NSS_Shutdown();
 	return (rc < 0);
-- 
1.7.12.1