From: Stefan Sperling <stsp@stsp.name>
Subject: Re: use correct pipe ends on linux
To: Josh Rickmar <openbsd+lists@zettaport.com>, gameoftrees@openbsd.org
Date: Tue, 5 Jul 2022 23:08:56 +0200

On Tue, Jul 05, 2022 at 10:53:34PM +0200, Stefan Sperling wrote:
> On Tue, Jul 05, 2022 at 10:16:13PM +0200, Stefan Sperling wrote:
> > On Tue, Jul 05, 2022 at 03:12:19PM -0400, Josh Rickmar wrote:
> > > -----------------------------------------------
> > > commit 24b0007a1fd9c963f5e1e243919476e449b5c8dc (linux_pipe)
> > > from: Josh Rickmar <jrick@zettaport.com>
> > > date: Tue Jul  5 19:07:51 2022 UTC
> > >  
> > >  use correct pipe ends on linux
> > >  
> > >  Fixes fdopen errors opening the pipe fds to read ssh-keygen stdout.
> > > 
> > >  Reported by abieber@
> > 
> > This does not seem to fix the issue properly for me.
> > 
> > While creation of a signed tag now apparently succeeds, 'got cat' shows
> > no signature on the tag object and verification with got tag -V fails.
> > I am testing on Ubuntu.
> > 
> > 
> 
> The problem seems to be use of fdopen(3) on a pipe.
> 
> With this patch signatures show up in tag objects signed on linux.
> The verification part also uses fdopen and must still be fixed in
> the same way:

My previous patch had a bug where sig_len no longer accounted
for the terminating NUL byte of the signature string. Fixed here.

Also, error out if the SSH signature has a zero length.

diff /home/stsp/src/got-portable
commit - a8fa2ba8469e013475c403304989843b7fc17ae8
path + /home/stsp/src/got-portable
blob - bf1781172c3214c0f7cefd4f0294c39c9e986cc0
file + lib/object_create.c
--- lib/object_create.c
+++ lib/object_create.c
@@ -688,11 +688,12 @@ got_object_tag_create(struct got_object_id **id,
 		msg++;
 
 	if (signer_id) {
-		FILE *out;
 		pid_t pid;
 		size_t len;
 		int in_fd, out_fd;
 		int status;
+		unsigned char out[8192];
+		ssize_t r;
 
 		err = buf_alloc(&buf, 0);
 		if (err)
@@ -743,16 +744,24 @@ got_object_tag_create(struct got_object_id **id,
 			goto done;
 		}
 
-		out = fdopen(out_fd, "r");
-		if (out == NULL) {
-			err = got_error_from_errno("fdopen");
-			goto done;
-		}
 		buf_empty(buf);
-		err = buf_load(&buf, out);
-		if (err)
+		do {
+			r = read(out_fd, out, sizeof(out));
+			if (r == -1) {
+				err = got_error_from_errno("read");
+				goto done;
+			}
+			if (r > 0) {
+				err = buf_append(&sig_len, buf, out, r);
+				if (err)
+					goto done;
+			}
+		} while (r > 0);
+		if (sig_len == 0) {
+			err = got_error_msg(GOT_ERR_BAD_TAG_SIGNATURE,
+			    "could not create SSH signature");
 			goto done;
-		sig_len = buf_len(buf) + 1;
+		}
 		err = buf_putc(buf, '\0');
 		if (err)
 			goto done;
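Review bot: the `sig_len == 0` test after the read loop relies on two things this hunk does not show: the value of sig_len before the loop, and what buf_append() stores through its first argument. If read() returns 0 on the first pass, buf_append() is never called and sig_len keeps whatever it held earlier, so the empty-signature case is only caught if sig_len was initialised to 0. If buf_append() reports the bytes written by that one call rather than a running total, a signature larger than sizeof(out) would leave only the last chunk's size in sig_len. Suggest passing a scratch size_t to buf_append() and deriving the length once after the loop with `sig_len = buf_len(buf);`, as the removed line did, then testing that for zero. Separately, read() failing with EINTR is treated as a hard error here; a retry on EINTR would make the loop more robust.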
@@ -763,7 +772,7 @@ got_object_tag_create(struct got_object_id **id,
 	}
 
 	len = strlen(obj_str) + strlen(type_str) + strlen(tag_str) +
-	    strlen(tagger_str) + 1 + strlen(msg) + 1 + sig_len;
+	    strlen(tagger_str) + 1 + strlen(msg) + 1 + sig_len + 1;
 	if (asprintf(&header, "%s %zd", GOT_OBJ_LABEL_TAG, len) == -1) {
 		err = got_error_from_errno("asprintf");
 		goto done;
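Review bot: the new `+ 1` in the `len` computation sits after the closing brace of the `if (signer_id)` block, so it is added for unsigned tags too, where the lines shown write no signature and no terminating NUL. For an unsigned tag that makes the length recorded in the tag header one byte larger than it was before this change. Suggest accounting for the NUL inside the signing block instead (add 1 to sig_len there once the zero-length check has passed) and leaving this line as `... + sig_len;`, or making the extra byte conditional on signer_id.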