[OpenWrt-Devel] [PATCH ucert 05/13] usign-exec: fix exec error handling

Matthias Schiffer mschiffer at universe-factory.net
Sat May 16 17:13:55 EDT 2020 

When execvp fails in the forked process, we must exit. Also add an error
message.

Signed-off-by: Matthias Schiffer <mschiffer at universe-factory.net>
---
 ucert.c      |  4 ++--
 usign-exec.c | 40 ++++++++++++++++++++--------------------
 usign.h      |  8 +++++---
 3 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/ucert.c b/ucert.c
index 89bf0c64d4b5..208d5f67e10d 100644
--- a/ucert.c
+++ b/ucert.c
@@ -349,7 +349,7 @@ static int chain_verify(const char *msgfile, const char *pubkeyfile,
 				   blobmsg_data_len(payloadtb[CERT_PL_ATTR_PUBKEY]),
 				   false);
 
-			if (usign_f_pubkey(chainedfp, chainedpubkey)) {
+			if (usign_f_pubkey(chainedfp, chainedpubkey, quiet)) {
 				DPRINTF("cannot get fingerprint for chained key\n");
 				ret = 2;
 				goto clean_and_return;
@@ -460,7 +460,7 @@ static int cert_issue(const char *certfile, const char *pubkeyfile, const char *
 
 	pkb[pklen] = '\0';
 
-	if (usign_f_pubkey(pkfp, pubkeyfile))
+	if (usign_f_pubkey(pkfp, pubkeyfile, quiet))
 		return -1;
 
 	gettimeofday(&tv, NULL);
diff --git a/usign-exec.c b/usign-exec.c
index 4ff2e63c5be1..22fdc14e7ebb 100644
--- a/usign-exec.c
+++ b/usign-exec.c
@@ -72,10 +72,10 @@ int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bo
 		return -1;
 
 	case 0:
-		if (execvp(usign_argv[0], (char *const *)usign_argv))
-			return -1;
-
-		break;
+		execvp(usign_argv[0], (char *const *)usign_argv);
+		if (!quiet)
+			perror("Failed to execute usign");
+		_exit(1);
 
 	default:
 		waitpid(pid, &status, 0);
@@ -94,7 +94,7 @@ int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bo
  * call usign -F ... and set fingerprint returned
  * return WEXITSTATUS or -1 if fork or execv fails
  */
-static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckeyfile, const char *sigfile) {
+static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckeyfile, const char *sigfile, bool quiet) {
 	int fds[2];
 	pid_t pid;
 	int status;
@@ -135,10 +135,10 @@ static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckey
 		close(fds[0]);
 		close(fds[1]);
 
-		if (execvp(usign_argv[0], (char *const *)usign_argv))
-			return -1;
-
-		break;
+		execvp(usign_argv[0], (char *const *)usign_argv);
+		if (!quiet)
+			perror("Failed to execute usign");
+		_exit(1);
 
 	default:
 		waitpid(pid, &status, 0);
@@ -164,22 +164,22 @@ static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckey
 /*
  * call usign -F -p ...
  */
-int usign_f_pubkey(char *fingerprint, const char *pubkeyfile) {
-	return usign_f(fingerprint, pubkeyfile, NULL, NULL);
+int usign_f_pubkey(char *fingerprint, const char *pubkeyfile, bool quiet) {
+	return usign_f(fingerprint, pubkeyfile, NULL, NULL, quiet);
 }
 
 /*
  * call usign -F -s ...
  */
-int usign_f_seckey(char *fingerprint, const char *seckeyfile) {
-	return usign_f(fingerprint, NULL, seckeyfile, NULL);
+int usign_f_seckey(char *fingerprint, const char *seckeyfile, bool quiet) {
+	return usign_f(fingerprint, NULL, seckeyfile, NULL, quiet);
 }
 
 /*
  * call usign -F -x ...
  */
-int usign_f_sig(char *fingerprint, const char *sigfile) {
-	return usign_f(fingerprint, NULL, NULL, sigfile);
+int usign_f_sig(char *fingerprint, const char *sigfile, bool quiet) {
+	return usign_f(fingerprint, NULL, NULL, sigfile, quiet);
 }
 
 
@@ -195,7 +195,7 @@ int usign_v(const char *msgfile, const char *pubkeyfile,
 	unsigned int usign_argc = 0;
 	char fingerprint[17];
 
-	if (usign_f_sig(fingerprint, sigfile)) {
+	if (usign_f_sig(fingerprint, sigfile, quiet)) {
 		if (!quiet)
 			fprintf(stderr, "cannot get signing key fingerprint\n");
 		return 1;
@@ -235,10 +235,10 @@ int usign_v(const char *msgfile, const char *pubkeyfile,
 		return -1;
 
 	case 0:
-		if (execvp(usign_argv[0], (char *const *)usign_argv))
-			return -1;
-
-		break;
+		execvp(usign_argv[0], (char *const *)usign_argv);
+		if (!quiet)
+			perror("Failed to execute usign");
+		_exit(1);
 
 	default:
 		waitpid(pid, &status, 0);
diff --git a/usign.h b/usign.h
index d57d09ec7b74..9c3207aa97ed 100644
--- a/usign.h
+++ b/usign.h
@@ -15,6 +15,8 @@
 #ifndef _USIGN_H
 #define _USIGN_H
 
+#include <stdbool.h>
+
 /**
  * Verify
  *
@@ -35,11 +37,11 @@ int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bo
  *
  * calls: usign -F ...
  */
-int usign_f_pubkey(char *fingerprint, const char *pubkeyfile);
+int usign_f_pubkey(char *fingerprint, const char *pubkeyfile, bool quiet);
 
-int usign_f_seckey(char *fingerprint, const char *seckeyfile);
+int usign_f_seckey(char *fingerprint, const char *seckeyfile, bool quiet);
 
-int usign_f_sig(char *fingerprint, const char *sigfile);
+int usign_f_sig(char *fingerprint, const char *sigfile, bool quiet);
 
 /**
  * custom extension to check for revokers
-- 
2.26.2


_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list