author | Dave Brolley <brolley@redhat.com> | 2009-11-10 12:12:54 -0500 |
---|---|---|
committer | Dave Brolley <brolley@redhat.com> | 2009-11-10 12:12:54 -0500 |
commit | 7885012ba0a7c1d7c974dd9528afa90aeed916a6 (patch) | |
tree | 7136ec8624b0b09bc1bc38d0d99fb52c3a7e99a3 | |
parent | 3d3942f6b1ccb9062794527f2f204d98642eaed2 (diff) | |
Replace the use of the global variable 'modpath' in diagnostic
messages within verify_it with the use of a 'module_name'
parameter passed in.
Add a comment in insert_module explaining why it's ok to
overwrite the 'path' parameter with the canonicalized path.
-rw-r--r-- | runtime/staprun/modverify.c | 15 | ||||
-rw-r--r-- | runtime/staprun/modverify.h | 3 | ||||
-rw-r--r-- | runtime/staprun/staprun_funcs.c | 6 |
3 files changed, 14 insertions, 10 deletions
diff --git a/runtime/staprun/modverify.c b/runtime/staprun/modverify.c index 059856ee..514f09f0 100644 --- a/runtime/staprun/modverify.c +++ b/runtime/staprun/modverify.c @@ -202,7 +202,7 @@ check_cert_db_permissions (const char *cert_db_path) { static int verify_it (const char *signatureName, const SECItem *signature, - const void *module_data, off_t module_size, + const char *module_name, const void *module_data, off_t module_size, const SECKEYPublicKey *pubKey) { VFYContext *vfy; @@ -224,7 +224,7 @@ verify_it (const char *signatureName, const SECItem *signature, if (secStatus != SECSuccess) { fprintf (stderr, "Unable to initialize verification context while verifying %s using the signature in %s.\n", - modpath, signatureName); + module_name, signatureName); nssError (); return MODULE_CHECK_ERROR; } @@ -234,7 +234,7 @@ verify_it (const char *signatureName, const SECItem *signature, if (secStatus != SECSuccess) { fprintf (stderr, "Error while verifying %s using the signature in %s.\n", - modpath, signatureName); + module_name, signatureName); nssError (); return MODULE_CHECK_ERROR; } @@ -243,7 +243,7 @@ verify_it (const char *signatureName, const SECItem *signature, secStatus = VFY_End (vfy); if (secStatus != SECSuccess) { fprintf (stderr, "Unable to verify the signed module %s. It may have been altered since it was created.\n", - modpath); + module_name); nssError (); return MODULE_ALTERED; } @@ -251,8 +251,8 @@ verify_it (const char *signatureName, const SECItem *signature, return MODULE_OK; } -int verify_module (const char *signatureName, const void *module_data, - off_t module_size) +int verify_module (const char *signatureName, const char* module_name, + const void *module_data, off_t module_size) { const char *dbdir = SYSCONFDIR "/systemtap/staprun"; SECKEYPublicKey *pubKey; 
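Review bot: The new `module_name` parameter of verify_it (first hunk, and again on verify_module here and on its prototype in modverify.h) carries no documentation, and its name can be read as the object being verified. In the visible hunks it is used only as the `%s` argument of the three fprintf diagnostics; the data being checked is presumably `module_data`/`module_size`. A comment above verify_it would make that explicit: `/* module_name is used only in diagnostics; the signature is checked against module_data, not the file at that path. */`. verify_it's body extends beyond these hunks, so any other use of the name cannot be confirmed from here.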
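Review bot: The added definition line in the last hunk writes `const char* module_name`, while every other pointer parameter in this diff, including the matching prototype in modverify.h, binds the `*` to the name. Suggest `int verify_module (const char *signatureName, const char *module_name,` for consistency. The definition also spells its first parameter `signatureName` where the header has `signature_name`; that predates this commit but could be aligned in the same edit.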
@@ -356,7 +356,8 @@ int verify_module (const char *signatureName, const void *module_data, } /* Verify the file. */ - rc = verify_it (signatureName, & signature, module_data, module_size, pubKey); + rc = verify_it (signatureName, & signature, + module_name, module_data, module_size, pubKey); if (rc == MODULE_OK || rc == MODULE_ALTERED || rc == MODULE_CHECK_ERROR) break; /* resolved or error */ } diff --git a/runtime/staprun/modverify.h b/runtime/staprun/modverify.h index 730a5e86..c35adc29 100644 --- a/runtime/staprun/modverify.h +++ b/runtime/staprun/modverify.h @@ -1,4 +1,5 @@ -int verify_module (const char *signature_name, const void *module_data, off_t module_size); +int verify_module (const char *signature_name, const char *module_name, + const void *module_data, off_t module_size); /* return codes for verify_module. */ #define MODULE_OK 1 diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c index 47ad6a19..89f78ade 100644 --- a/runtime/staprun/staprun_funcs.c +++ b/runtime/staprun/staprun_funcs.c @@ -84,7 +84,9 @@ int insert_module( /* Overwrite the path with the canonicalized one, to defeat a possible race between path and signature checking below and, - somewhat later, module loading. */ + somewhat later, module loading. This path gets propogated to the + helper functions called by this function and is not used for any + other purpose, so it is ok to overwrite the 'path' parameter. */ path = strdup (module_realpath); if (path == NULL) { _perr("allocating memory failed"); @@ -256,7 +258,7 @@ check_signature(const char *path, const void *module_data, off_t module_size) } sprintf (signature_realpath, "%s.sgn", path); - rc = verify_module (signature_realpath, module_data, module_size); + rc = verify_module (signature_realpath, path, module_data, module_size); dbug(2, "verify_module returns %d\n", rc); |
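Review bot: The comment text added in the insert_module hunk misspells "propagated" as "propogated"; the line should read `somewhat later, module loading. This path gets propagated to the`. The comment could also say who owns the string returned by `strdup (module_realpath)`, since the assignment replaces a caller-supplied pointer with heap memory and no release is visible in this hunk (insert_module continues outside it). Canonicalizing fixes the name rather than the bytes behind it, so if the later load reuses the `module_data` that was verified, stating that here would make the race argument complete; this hunk does not show whether it does.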