diff options
| author | Dave Brolley <brolley@redhat.com> | 2009-11-10 12:12:54 -0500 |
|---|---|---|
| committer | Dave Brolley <brolley@redhat.com> | 2009-11-10 12:12:54 -0500 |
| commit | 7885012ba0a7c1d7c974dd9528afa90aeed916a6 (patch) | |
| tree | 7136ec8624b0b09bc1bc38d0d99fb52c3a7e99a3 /runtime/staprun/modverify.c | |
| parent | 3d3942f6b1ccb9062794527f2f204d98642eaed2 (diff) | |
| download | systemtap-steved-7885012ba0a7c1d7c974dd9528afa90aeed916a6.tar.gz systemtap-steved-7885012ba0a7c1d7c974dd9528afa90aeed916a6.tar.xz systemtap-steved-7885012ba0a7c1d7c974dd9528afa90aeed916a6.zip | |
Replace the use of the global variable 'modpath' in diagnostic
messages within verify_it with the use of a 'module_name'
parameter passed in.
Add a comment in insert_module explaining why it's ok to
overwrite the 'path' parameter with the canonicalized path.
Diffstat (limited to 'runtime/staprun/modverify.c')
| -rw-r--r-- | runtime/staprun/modverify.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/runtime/staprun/modverify.c b/runtime/staprun/modverify.c index 059856ee..514f09f0 100644 --- a/runtime/staprun/modverify.c +++ b/runtime/staprun/modverify.c @@ -202,7 +202,7 @@ check_cert_db_permissions (const char *cert_db_path) { static int verify_it (const char *signatureName, const SECItem *signature, - const void *module_data, off_t module_size, + const char *module_name, const void *module_data, off_t module_size, const SECKEYPublicKey *pubKey) { VFYContext *vfy; @@ -224,7 +224,7 @@ verify_it (const char *signatureName, const SECItem *signature, if (secStatus != SECSuccess) { fprintf (stderr, "Unable to initialize verification context while verifying %s using the signature in %s.\n", - modpath, signatureName); + module_name, signatureName); nssError (); return MODULE_CHECK_ERROR; } @@ -234,7 +234,7 @@ verify_it (const char *signatureName, const SECItem *signature, if (secStatus != SECSuccess) { fprintf (stderr, "Error while verifying %s using the signature in %s.\n", - modpath, signatureName); + module_name, signatureName); nssError (); return MODULE_CHECK_ERROR; } @@ -243,7 +243,7 @@ verify_it (const char *signatureName, const SECItem *signature, secStatus = VFY_End (vfy); if (secStatus != SECSuccess) { fprintf (stderr, "Unable to verify the signed module %s. It may have been altered since it was created.\n", - modpath); + module_name); nssError (); return MODULE_ALTERED; } @@ -251,8 +251,8 @@ verify_it (const char *signatureName, const SECItem *signature, return MODULE_OK; } -int verify_module (const char *signatureName, const void *module_data, - off_t module_size) +int verify_module (const char *signatureName, const char* module_name, + const void *module_data, off_t module_size) { const char *dbdir = SYSCONFDIR "/systemtap/staprun"; SECKEYPublicKey *pubKey; @@ -356,7 +356,8 @@ int verify_module (const char *signatureName, const void *module_data, } /* Verify the file. */ - rc = verify_it (signatureName, & signature, module_data, module_size, pubKey); + rc = verify_it (signatureName, & signature, + module_name, module_data, module_size, pubKey); if (rc == MODULE_OK || rc == MODULE_ALTERED || rc == MODULE_CHECK_ERROR) break; /* resolved or error */ } |