lib/security: Fix broken if statements in gpg_validate_boot_files()
authorSamuel Mendoza-Jonas <sam@mendozajonas.com>
Mon, 19 Mar 2018 23:49:32 +0000 (10:49 +1100)
committerSamuel Mendoza-Jonas <sam@mendozajonas.com>
Fri, 23 Mar 2018 00:39:35 +0000 (11:39 +1100)
The patch ccb478ac "Add encrypted file support" removes two
result = KEXEC_LOAD_SIGNATURE_FAILURE;
statements from after the `if (verify_file_signature)` lines for the
kernel and cmdline signatures. This appears to have been a mistake that
snuck through testing, and would allow incorrect signatures to pass
validation.

Also fix up some confusing indenting in the decryption section.

Reported-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/security/gpg.c

index 41d1306812fa8c6c86aeb4ba97e06e29a93f3b12..76e2c6cb58c6f4b7b4a4257ae44fa9a5fc255d32 100644 (file)
@@ -462,10 +462,12 @@ int gpg_validate_boot_files(struct boot_task *boot_task) {
                        local_image_signature,
                        authorized_signatures_handle,
                        "/etc/gpg"))
+                       result = KEXEC_LOAD_SIGNATURE_FAILURE;
                if (verify_file_signature(cmdline_template,
                        local_cmdline_signature,
                        authorized_signatures_handle,
                        "/etc/gpg"))
+                       result = KEXEC_LOAD_SIGNATURE_FAILURE;
 
                if (boot_task->local_initrd_signature)
                        if (verify_file_signature(initrd_filename,
@@ -498,7 +500,7 @@ int gpg_validate_boot_files(struct boot_task *boot_task) {
                        "/etc/gpg"))
                        result = KEXEC_LOAD_SIGNATURE_FAILURE;
                if (boot_task->local_initrd)
-               if (decrypt_file(initrd_filename,
+                       if (decrypt_file(initrd_filename,
                                authorized_signatures_handle,
                                "/etc/gpg"))
                                result = KEXEC_LOAD_DECRYPTION_FALURE;
@@ -570,4 +572,4 @@ int lockdown_status() {
        free(auth_sig_line);
 
        return ret;
-}
\ No newline at end of file
+}