[OpenWrt-Devel] [PATCH ucert 00/13] ucert fixes and cleanup
Matthias Schiffer
mschiffer at universe-factory.net
Sat May 16 17:13:49 EDT 2020
While looking for a build issue (see [1]), I noticed various issues in
the ucert code (and this should not be applied before [1] is applied to
usign). There might well be more problems lurking - I did not read all
the code.

In particular patch 12/12 is critical: It must be applied before the
attached libubox patch to avoid a new security issue.

The libubox patch is necessary to make ucert verification work at all
again; without it, cert_load() will always fail, and in consequence, all
images will be found invalid when REQUIRE_IMAGE_SIGNATURE is enabled.

[1] https://patchwork.ozlabs.org/project/openwrt/patch/8ead1fd6a61117b54b4efd5111fe0d19e4eef9c5.1589642591.git.mschiffer@universe-factory.net/

Matthias Schiffer (13):
  stdout/stderr improvements
  Fix return code of write_file()
  Introduce read_file() helper, improve error reporting
  usign-exec: simplify usign execv calls
  usign-exec: fix exec error handling
  usign-exec: do not close stdin and stderr before exec
  usign-exec: change usign_f_* fingerprint argument to char[17]
  usign-exec: remove redundant return statements
  usign-exec: close writing end of pipe early in parent process
  usign-exec: return code fixes
  usign-exec: improve usign -F output handling
  Fix length checks in cert_load()
  Do not print line number in debug messages

 tests/cram/test_ucert.t |   4 +-
 ucert.c                 | 147 +++++++++++++++++++++++-----------------
 usign-exec.c            | 115 +++++++++++++------------------
 usign.h                 |   8 ++-
 4 files changed, 138 insertions(+), 136 deletions(-)

--
2.26.2