New cmake version 4.0 requires at least 3.5 version as the minimum
required version with it increased to 3.10 in to-be-released cmake
versions.
Set the minimum required version to 3.10 to future-proof for future
cmake versions.
Suggested-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The line number does not add any significant information, and it makes
the unit tests which check for these debug messages very fragile.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
cert_load() iterates over multiple blobs, so the length argument to
blob_parse_untrusted() needs to be updated to prevent out-of-bounds
accesses.
Some other checks have become redundant and are removed, as
blob_parse_untrusted() already ensures that all attrs are contained in
the passed buffer.
Note that this issue currently does not pose a security threat, as an
over-restrictive check in blob_parse_untrusted() broke parsing of
buffers with multiple blobs completely.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
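
An added example, not code from ucert or libubox, of the bounds rule the commit message above describes: when a buffer holds several blobs back to back, each one is checked against the bytes remaining, not the original length. The header layout is a simplified stand-in (alignment padding is omitted); `blob_total_len()`, `count_blobs()` and the sample arrays are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_LEN 4u

/* Assumed, simplified header: 4-byte big-endian word whose low 24 bits
 * give the blob's total length, header included. */
static size_t blob_total_len(const uint8_t *p)
{
	return ((size_t)p[1] << 16) | ((size_t)p[2] << 8) | p[3];
}

/* Count the blobs in buf[0..len). Returns -1 as soon as a header or a
 * body would extend past the end of the buffer. */
static int count_blobs(const uint8_t *buf, size_t len)
{
	size_t pos = 0;
	int n = 0;

	while (pos < len) {
		size_t remaining = len - pos;	/* shrinks on every iteration */
		size_t blen;

		if (remaining < HDR_LEN)
			return -1;
		blen = blob_total_len(buf + pos);
		/* Comparing blen against len instead of remaining is the
		 * mistake: a later blob could then claim bytes past the end. */
		if (blen < HDR_LEN || blen > remaining)
			return -1;
		/* a per-blob parser would receive (buf + pos, remaining) here */
		pos += blen;
		n++;
	}
	return n;
}

/* Constructed sample: an 8-byte blob followed by a 6-byte blob. */
static const uint8_t two_blobs[] = { 0,0,0,8, 1,2,3,4, 0,0,0,6, 9,9 };
/* Constructed sample: the second blob claims 12 bytes, only 6 remain.
 * 12 is below the total length of 14, so a check against len passes it. */
static const uint8_t lying_blob[] = { 0,0,0,8, 1,2,3,4, 0,0,0,12, 9,9 };
```
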
While not likely to happen in practice, nothing guarantees that read()
will retrieve more than 1 byte at a time. The easiest way to make this
code compliant is to wrap the file descriptor using fdopen().
While we're at it, also
- remove useless memset()
- check fingerprint for validity
The check is particularly relevant, as a usign bug [1] causing short
fingerprint outputs only went unnoticed for so long because the trailing
newline was considered one of the 16 characters ucert was expecting.
[1] 8ead1fd6a6.1589642591.git.mschiffer@universe-factory.net/
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
- WEXITSTATUS() should only be called when WIFEXITED() returns true
- Fix double WEXITSTATUS() in usign_f()
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
When the child process exited without producing output (for example
because usign was not found), the parent process would hang forever in
read(). By closing the writing end early in the parent process, read
will return as soon as no writing FDs are left - that is, when the child
process has exited.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
All switch() cases were already returning value or exiting. Instead,
move the default case out of the switch to reduce indentation (only
relevant for usign_f()).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This makes it more obvious that a buffer with space for 17 characters is
expected to be passed. The code still works the same (a char[17] is
equivalent to char* as an argument).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
FDs 0, 1 and 2 should always be available. This also allows the exec error
message in the forked process to be displayed.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
When the executable to exec is passed as an absolute path, execv() and
execvp() are equivalent, so there is no need to make the code hard to
read with #ifdefs.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This helper simplifies handling, ensures that there are no resource
leaks, and checks for EOF more robustly.
Also introduce error reporting at all call sites to give the user some
feedback when something went wrong.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
write_file() returns 1/true on success; it should return 0/false when
opening the file fails.
To make it more obvious that this function returns true and not 0 on
success, also change its return type to bool.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixing following unit test failures:
$ ucert -D -c $TEST_INPUTS/key-build.ucert
ucert: invalid option -- 'D'
Signed-off-by: Petr Štetiar <ynezz@true.cz>
In commit 4462ff9ded ("add cram based unit tests") some unit tests
were added so enable them on CI as well.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
blob_parse expects blobs from trusted inputs, but in this case it can be
supplied with possibly malicious certificates from untrusted inputs as
well, so in order to prevent such conditions, switch to
blob_parse_untrusted which should hopefully handle such inputs
appropriately.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following valgrind reported memory leak:
189 bytes in 1 blocks are definitely lost in loss record 3 of 4
at realloc
by blobmsg_format_json_with_cb
by blobmsg_format_json_indent
by cert_dump_blob (ucert.c:386)
by cert_dump (ucert.c:405)
by main (ucert.c:728)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following warning reported by clang-9 scan-build analyzer:
ucert.c:585:2: warning: Undefined or garbage value returned to caller
return ret;
^~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Let's enable some useful flags in order to spot possible issues during
QA on CI (GCC version 6 and higher). Fix warnings uncovered by these new
flags as reported by clang-9 on x86/64:
ucert.c:158:33: error: comparison of integers of different signs: 'unsigned long' and 'int' [-Werror,-Wsign-compare]
ucert.c:176:14: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
ucert.c:314:18: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
ucert.c:315:18: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
ucert.c:557:17: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
Ref: https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Uses currently proof-of-concept openwrt-ci[1] in order to:
* improve the quality of the codebase in various areas
* decrease code review time and help merging contributions faster
* get automagic feedback loop on various platforms and tools
- out of tree build with OpenWrt SDK on following targets:
* ath79-generic
* imx6-generic
* malta-be
* mvebu-cortexa53
- out of tree native build on x86/64 with GCC (versions 7, 8, 9) and Clang 10
- out of tree native x86/64 static code analysis with cppcheck and
scan-build from Clang 10
1. https://gitlab.com/ynezz/openwrt-ci/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Otherwise it's not possible to compile it properly if the dependencies
are not installed in the standard include/libraries paths.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
usign occasionally writes 16 characters then exits without writing a LF,
leaving ucert hanging waiting for more input. Accept 16 characters
or more rather than 17 to work around the short read.
Signed-off-by: Mike McCormack <mike@atratus.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
use execvp in host builds instead of hardcoding /usr/bin/usign path
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)
make all options single-set, only accept options after command and only
those needed for the specific command.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)
Just in case someone just wants a single plain signature without any
chain.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)