grub2/0249-grub-core-commands-verify.c-Save-verified-file-to-av.patch
Peter Jones f74b50e380 Rebase to upstream, fix a pile of bugs. The usual.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-06-12 15:37:08 -04:00

197 lines
5.4 KiB
Diff

From 389f8af28dcc1f7620fabf5032f680fba0bd28e3 Mon Sep 17 00:00:00 2001
From: Vladimir 'phcoder' Serbinenko <phcoder@gmail.com>
Date: Wed, 3 Apr 2013 17:32:33 +0200
Subject: [PATCH 249/482] * grub-core/commands/verify.c: Save verified
file to avoid it being tampered with after verification was done.
---
ChangeLog | 5 +++
grub-core/commands/verify.c | 98 +++++++++++++++++++++++++++++++++++++--------
include/grub/misc.h | 2 +
3 files changed, 88 insertions(+), 17 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b0c57bb..6dc95ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2013-04-03 Vladimir Serbinenko <phcoder@gmail.com>
+ * grub-core/commands/verify.c: Save verified file to avoid it being
+ tampered with after verification was done.
+
+2013-04-03 Vladimir Serbinenko <phcoder@gmail.com>
+
* grub-core/term/i386/pc/console.c (grub_console_getwh): Decrease
reported width by one to compensate for curesor algorithm problem.
diff --git a/grub-core/commands/verify.c b/grub-core/commands/verify.c
index b4d5e7b..bd47611 100644
--- a/grub-core/commands/verify.c
+++ b/grub-core/commands/verify.c
@@ -1,6 +1,6 @@
/*
* GRUB -- GRand Unified Bootloader
- * Copyright (C) 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2013 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -338,9 +338,10 @@ grub_crypto_pk_locate_subkey_in_trustdb (grub_uint64_t keyid)
return 0;
}
-grub_err_t
-grub_verify_signature (grub_file_t f, grub_file_t sig,
- struct grub_public_key *pkey)
+static grub_err_t
+grub_verify_signature_real (char *buf, grub_size_t size,
+ grub_file_t f, grub_file_t sig,
+ struct grub_public_key *pkey)
{
grub_size_t len;
grub_uint8_t v;
@@ -404,16 +405,19 @@ grub_verify_signature (grub_file_t f, grub_file_t sig,
grub_memset (context, 0, sizeof (context));
hash->init (context);
- while (1)
- {
- grub_uint8_t readbuf[4096];
- r = grub_file_read (f, readbuf, sizeof (readbuf));
- if (r < 0)
- return grub_errno;
- if (r == 0)
- break;
- hash->write (context, readbuf, r);
- }
+ if (buf)
+ hash->write (context, buf, size);
+ else
+ while (1)
+ {
+ grub_uint8_t readbuf[4096];
+ r = grub_file_read (f, readbuf, sizeof (readbuf));
+ if (r < 0)
+ return grub_errno;
+ if (r == 0)
+ break;
+ hash->write (context, readbuf, r);
+ }
hash->write (context, &v, sizeof (v));
hash->write (context, &v4, sizeof (v4));
@@ -532,6 +536,13 @@ grub_verify_signature (grub_file_t f, grub_file_t sig,
return GRUB_ERR_NONE;
}
+grub_err_t
+grub_verify_signature (grub_file_t f, grub_file_t sig,
+ struct grub_public_key *pkey)
+{
+ return grub_verify_signature_real (0, 0, f, sig, pkey);
+}
+
static grub_err_t
grub_cmd_trust (grub_command_t cmd __attribute__ ((unused)),
int argc, char **args)
@@ -665,6 +676,28 @@ grub_cmd_verify_signature (grub_command_t cmd __attribute__ ((unused)),
static int sec = 0;
+static grub_ssize_t
+verified_read (struct grub_file *file, char *buf, grub_size_t len)
+{
+ grub_memcpy (buf, (char *) file->data + file->offset, len);
+ return len;
+}
+
+static grub_err_t
+verified_close (struct grub_file *file)
+{
+ grub_free (file->data);
+ file->data = 0;
+ return GRUB_ERR_NONE;
+}
+
+struct grub_fs verified_fs =
+{
+ .name = "verified_read",
+ .read = verified_read,
+ .close = verified_close
+};
+
static grub_file_t
grub_pubkey_open (grub_file_t io, const char *filename)
{
@@ -672,9 +705,12 @@ grub_pubkey_open (grub_file_t io, const char *filename)
char *fsuf, *ptr;
grub_err_t err;
grub_file_filter_t curfilt[GRUB_FILE_FILTER_MAX];
+ grub_file_t ret;
if (!sec)
return io;
+ if (io->device->disk && io->device->disk->id == GRUB_DISK_DEVICE_MEMDISK_ID)
+ return io;
fsuf = grub_malloc (grub_strlen (filename) + sizeof (".sig"));
if (!fsuf)
return NULL;
@@ -691,12 +727,40 @@ grub_pubkey_open (grub_file_t io, const char *filename)
if (!sig)
return NULL;
- err = grub_verify_signature (io, sig, NULL);
+ ret = grub_malloc (sizeof (*ret));
+ if (!ret)
+ return NULL;
+ *ret = *io;
+
+ ret->fs = &verified_fs;
+ ret->not_easily_seekable = 0;
+ if (ret->size >> (sizeof (grub_size_t) * GRUB_CHAR_BIT - 1))
+ {
+ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
+ "big file signature isn't implemented yet");
+ return NULL;
+ }
+ ret->data = grub_malloc (ret->size);
+ if (!ret->data)
+ {
+ grub_free (ret);
+ return NULL;
+ }
+ if (grub_file_read (io, ret->data, ret->size) != (grub_ssize_t) ret->size)
+ {
+ if (!grub_errno)
+ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("premature end of file %s"),
+ filename);
+ return NULL;
+ }
+
+ err = grub_verify_signature_real (ret->data, ret->size, 0, sig, NULL);
grub_file_close (sig);
if (err)
return NULL;
- grub_file_seek (io, 0);
- return io;
+ io->device = 0;
+ grub_file_close (io);
+ return ret;
}
static char *
diff --git a/include/grub/misc.h b/include/grub/misc.h
index c953a00..0ea5114 100644
--- a/include/grub/misc.h
+++ b/include/grub/misc.h
@@ -481,4 +481,6 @@ void EXPORT_FUNC(grub_real_boot_time) (const char *file,
#define grub_max(a, b) (((a) > (b)) ? (a) : (b))
#define grub_min(a, b) (((a) < (b)) ? (a) : (b))
+#define GRUB_CHAR_BIT 8
+
#endif /* ! GRUB_MISC_HEADER */
--
1.8.2.1