From 38dcb1a6f12115e156aa4f36997bd4760347e821 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 16 May 2020 17:53:29 +0200 Subject: [PATCH] usign-exec: fix exec error handling When execvp fails in the forked process, we must exit. Also add an error message. Signed-off-by: Matthias Schiffer --- ucert.c | 4 ++-- usign-exec.c | 40 ++++++++++++++++++++-------------------- usign.h | 8 +++++--- 3 files changed, 27 insertions(+), 25 deletions(-) diff --git a/ucert.c b/ucert.c index 89bf0c6..208d5f6 100644 --- a/ucert.c +++ b/ucert.c @@ -349,7 +349,7 @@ static int chain_verify(const char *msgfile, const char *pubkeyfile, blobmsg_data_len(payloadtb[CERT_PL_ATTR_PUBKEY]), false); - if (usign_f_pubkey(chainedfp, chainedpubkey)) { + if (usign_f_pubkey(chainedfp, chainedpubkey, quiet)) { DPRINTF("cannot get fingerprint for chained key\n"); ret = 2; goto clean_and_return; @@ -460,7 +460,7 @@ static int cert_issue(const char *certfile, const char *pubkeyfile, const char * pkb[pklen] = '\0'; - if (usign_f_pubkey(pkfp, pubkeyfile)) + if (usign_f_pubkey(pkfp, pubkeyfile, quiet)) return -1; gettimeofday(&tv, NULL); diff --git a/usign-exec.c b/usign-exec.c index 4ff2e63..22fdc14 100644 --- a/usign-exec.c +++ b/usign-exec.c @@ -72,10 +72,10 @@ int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bo return -1; case 0: - if (execvp(usign_argv[0], (char *const *)usign_argv)) - return -1; - - break; + execvp(usign_argv[0], (char *const *)usign_argv); + if (!quiet) + perror("Failed to execute usign"); + _exit(1); default: waitpid(pid, &status, 0); @@ -94,7 +94,7 @@ int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bo * call usign -F ... and set fingerprint returned * return WEXITSTATUS or -1 if fork or execv fails */ -static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckeyfile, const char *sigfile) { +static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckeyfile, const char *sigfile, bool quiet) { int fds[2]; pid_t pid; int status; @@ -135,10 +135,10 @@ static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckey close(fds[0]); close(fds[1]); - if (execvp(usign_argv[0], (char *const *)usign_argv)) - return -1; - - break; + execvp(usign_argv[0], (char *const *)usign_argv); + if (!quiet) + perror("Failed to execute usign"); + _exit(1); default: waitpid(pid, &status, 0); @@ -164,22 +164,22 @@ static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckey /* * call usign -F -p ... */ -int usign_f_pubkey(char *fingerprint, const char *pubkeyfile) { - return usign_f(fingerprint, pubkeyfile, NULL, NULL); +int usign_f_pubkey(char *fingerprint, const char *pubkeyfile, bool quiet) { + return usign_f(fingerprint, pubkeyfile, NULL, NULL, quiet); } /* * call usign -F -s ... */ -int usign_f_seckey(char *fingerprint, const char *seckeyfile) { - return usign_f(fingerprint, NULL, seckeyfile, NULL); +int usign_f_seckey(char *fingerprint, const char *seckeyfile, bool quiet) { + return usign_f(fingerprint, NULL, seckeyfile, NULL, quiet); } /* * call usign -F -x ... */ -int usign_f_sig(char *fingerprint, const char *sigfile) { - return usign_f(fingerprint, NULL, NULL, sigfile); +int usign_f_sig(char *fingerprint, const char *sigfile, bool quiet) { + return usign_f(fingerprint, NULL, NULL, sigfile, quiet); } @@ -195,7 +195,7 @@ int usign_v(const char *msgfile, const char *pubkeyfile, unsigned int usign_argc = 0; char fingerprint[17]; - if (usign_f_sig(fingerprint, sigfile)) { + if (usign_f_sig(fingerprint, sigfile, quiet)) { if (!quiet) fprintf(stderr, "cannot get signing key fingerprint\n"); return 1; @@ -235,10 +235,10 @@ int usign_v(const char *msgfile, const char *pubkeyfile, return -1; case 0: - if (execvp(usign_argv[0], (char *const *)usign_argv)) - return -1; - - break; + execvp(usign_argv[0], (char *const *)usign_argv); + if (!quiet) + perror("Failed to execute usign"); + _exit(1); default: waitpid(pid, &status, 0); diff --git a/usign.h b/usign.h index d57d09e..9c3207a 100644 --- a/usign.h +++ b/usign.h @@ -15,6 +15,8 @@ #ifndef _USIGN_H #define _USIGN_H +#include + /** * Verify * @@ -35,11 +37,11 @@ int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bo * * calls: usign -F ... */ -int usign_f_pubkey(char *fingerprint, const char *pubkeyfile); +int usign_f_pubkey(char *fingerprint, const char *pubkeyfile, bool quiet); -int usign_f_seckey(char *fingerprint, const char *seckeyfile); +int usign_f_seckey(char *fingerprint, const char *seckeyfile, bool quiet); -int usign_f_sig(char *fingerprint, const char *sigfile); +int usign_f_sig(char *fingerprint, const char *sigfile, bool quiet); /** * custom extension to check for revokers -- 2.25.1