packages/p11-kit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

anchor: Exit with non-zero code, if any error occurs

Browse Source
This commit is contained in:
panxiaohe 2021-09-18 15:42:26 +08:00
parent df0f0a022f
commit fd389dc13b
2 changed files with 131 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
backport-anchor-Exit-with-non-zero-code-if-any-error-occurs.patch Normal file
View File

@ -0,0 +1,125 @@
From 7f5ef7c04a24ede94a31a7e7820d9d03b9522bd5 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 12 Jun 2020 08:31:42 +0200
Subject: [PATCH] anchor: Exit with non-zero code, if any error occurs
Suggested by Nikos Mavrogiannopoulos in:
https://github.com/p11-glue/p11-kit/issues/300
---
trust/anchor.c | 35 ++++++++++++++++++++++++-----------
1 file changed, 24 insertions(+), 11 deletions(-)
diff --git a/trust/anchor.c b/trust/anchor.c
index a232ead..2f0aba6 100644
--- a/trust/anchor.c
+++ b/trust/anchor.c
@@ -458,8 +458,9 @@ find_anchor (CK_FUNCTION_LIST *module,
static int
anchor_store (int argc,
- char *argv[],
- bool *changed)
+ char *argv[],
+ bool *changed,
+ unsigned int *errors)
{
CK_ATTRIBUTE *attrs;
CK_FUNCTION_LIST *module = NULL;
@@ -509,6 +510,9 @@ anchor_store (int argc,
}
}
+ if (ret != 0)
+ *errors = 1;
+
p11_array_free (anchors);
p11_kit_module_finalize (module);
p11_kit_module_release (module);
@@ -537,7 +541,8 @@ description_for_object_at_iter (p11_kit_iter *iter)
static bool
remove_all (p11_kit_iter *iter,
- bool *changed)
+ bool *changed,
+ unsigned int *errors)
{
const char *desc;
CK_RV rv;
@@ -549,28 +554,28 @@ remove_all (p11_kit_iter *iter,
switch (rv) {
case CKR_OK:
*changed = true;
- /* fall through */
- case CKR_OBJECT_HANDLE_INVALID:
continue;
case CKR_TOKEN_WRITE_PROTECTED:
case CKR_SESSION_READ_ONLY:
case CKR_ATTRIBUTE_READ_ONLY:
p11_message ("couldn't remove read-only %s", desc);
- continue;
+ break;
default:
p11_message ("couldn't remove %s: %s", desc,
p11_kit_strerror (rv));
break;
}
+ (*errors)++;
}
- return (rv == CKR_CANCEL);
+ return (rv == CKR_CANCEL) && *errors == 0;
}
static int
anchor_remove (int argc,
char *argv[],
- bool *changed)
+ bool *changed,
+ unsigned int *errors)
{
CK_FUNCTION_LIST **modules;
p11_array *iters;
@@ -595,7 +600,7 @@ anchor_remove (int argc,
iter = iters->elem[i];
p11_kit_iter_begin (iter, modules);
- if (!remove_all (iter, changed))
+ if (!remove_all (iter, changed, errors))
ret = 1;
}
@@ -610,6 +615,7 @@ p11_trust_anchor (int argc,
char **argv)
{
bool changed = false;
+ unsigned int errors = 0;
int action = 0;
int opt;
int ret = 0;
@@ -674,14 +680,21 @@ p11_trust_anchor (int argc,
/* Store is different, and only accepts files */
if (action == opt_store)
- ret = anchor_store (argc, argv, &changed);
+ ret = anchor_store (argc, argv, &changed, &errors);
else if (action == opt_remove)
- ret = anchor_remove (argc, argv, &changed);
+ ret = anchor_remove (argc, argv, &changed, &errors);
else
assert_not_reached ();
+ if (errors > 0) {
+ if (errors == 1)
+ p11_message ("%u error while processing", errors);
+ else
+ p11_message ("%u errors while processing", errors);
+ }
+
/* Extract the compat bundles after modification */
if (ret == 0 && changed) {
char *args[] = { argv[0], NULL };
--
1.8.3.1

6
p11-kit.spec
View File

@ -1,6 +1,6 @@
Name: p11-kit Name: p11-kit
Version: 0.23.20 Version: 0.23.20
Release: 2 Release: 3
Summary: Provides a way to load and enumerate PKCS#11 modules. Summary: Provides a way to load and enumerate PKCS#11 modules.
License: BSD License: BSD
URL: http://p11-glue.freedesktop.org/p11-kit.html URL: http://p11-glue.freedesktop.org/p11-kit.html
@ -13,6 +13,7 @@ Patch1: backport-CVE-2020-29362-Fix-bounds-check-in-p11_rpc_buffer_get_b
Patch2: backport-proxy-Fix-slot-ID-reuse-avoiding-duplicating-IDs.patch Patch2: backport-proxy-Fix-slot-ID-reuse-avoiding-duplicating-IDs.patch
Patch3: backport-0001-CVE-2020-29361-Check-for-arithmetic-overflows-before-allocating.patch Patch3: backport-0001-CVE-2020-29361-Check-for-arithmetic-overflows-before-allocating.patch
Patch4: backport-0002-CVE-2020-29361-Follow-up-to-arithmetic-overflow-fix.patch Patch4: backport-0002-CVE-2020-29361-Follow-up-to-arithmetic-overflow-fix.patch
Patch5: backport-anchor-Exit-with-non-zero-code-if-any-error-occurs.patch
BuildRequires: gcc libtasn1-devel >= 2.3 libffi-devel gtk-doc systemd-devel pkgconfig(glib-2.0) libxslt BuildRequires: gcc libtasn1-devel >= 2.3 libffi-devel gtk-doc systemd-devel pkgconfig(glib-2.0) libxslt
BuildRequires: bash-completion BuildRequires: bash-completion
@ -128,6 +129,9 @@ fi
%{_datadir}/bash-completion/completions/trust %{_datadir}/bash-completion/completions/trust
%changelog %changelog
* Sat Sep 18 2021 panxiaohe <panxiaohe@huawei.com> - 0.23.20-3
- anchor: Exit with non-zero code, if any error occurs
* Sat Jan 9 2021 zoulin <zoulin13@huawei.com> - 0.23.20-2 * Sat Jan 9 2021 zoulin <zoulin13@huawei.com> - 0.23.20-2
- fix CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 - fix CVE-2020-29361 CVE-2020-29362 CVE-2020-29363