author | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2018-03-20 10:49:32 +1100 |
---|---|---|
committer | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2018-03-23 11:39:35 +1100 |
commit | 3dfa4123bdf987aaa0e4bfd73d436c6bab0184ce (patch) | |
tree | d6a75c0bcb855b0851d6b9b82a3c45e935f5b869 /lib | |
parent | abf92c05c31955333719f1a83cffb0d0d194c770 (diff) | |
download | talos-petitboot-3dfa4123bdf987aaa0e4bfd73d436c6bab0184ce.tar.gz talos-petitboot-3dfa4123bdf987aaa0e4bfd73d436c6bab0184ce.zip |
lib/security: Fix broken if statements in gpg_validate_boot_files()

The patch ccb478ac "Add encrypted file support" removes two
	result = KEXEC_LOAD_SIGNATURE_FAILURE;
statements from after the `if (verify_file_signature)` lines for the
kernel and cmdline signatures. This appears to have been a mistake that
snuck through testing, and would allow incorrect signatures to pass
validation.

Also fix up some confusing indenting in the decryption section.

Reported-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

Diffstat (limited to 'lib')
-rw-r--r-- | lib/security/gpg.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/security/gpg.c b/lib/security/gpg.c index 41d1306..76e2c6c 100644 --- a/lib/security/gpg.c +++ b/lib/security/gpg.c @@ -462,10 +462,12 @@ int gpg_validate_boot_files(struct boot_task *boot_task) { local_image_signature, authorized_signatures_handle, "/etc/gpg")) + result = KEXEC_LOAD_SIGNATURE_FAILURE; if (verify_file_signature(cmdline_template, local_cmdline_signature, authorized_signatures_handle, "/etc/gpg")) + result = KEXEC_LOAD_SIGNATURE_FAILURE; if (boot_task->local_initrd_signature) if (verify_file_signature(initrd_filename, @@ -498,7 +500,7 @@ int gpg_validate_boot_files(struct boot_task *boot_task) { "/etc/gpg")) result = KEXEC_LOAD_SIGNATURE_FAILURE; if (boot_task->local_initrd) - if (decrypt_file(initrd_filename, + if (decrypt_file(initrd_filename, authorized_signatures_handle, "/etc/gpg")) result = KEXEC_LOAD_DECRYPTION_FALURE; @@ -570,4 +572,4 @@ int lockdown_status() { free(auth_sig_line); return ret; -}
\ No newline at end of file +} |
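
Review bot: In the first hunk (@@ -462,10 +462,12), the two restored `result = KEXEC_LOAD_SIGNATURE_FAILURE;` lines are still unbraced bodies of their `if (verify_file_signature(...))` statements, which is the layout that let the earlier removal go unnoticed: without those lines each `if` takes the next `if` as its body and the file still compiles. Put braces around every body in this chain, including the nested `if (boot_task->local_initrd_signature)` / `if (verify_file_signature(initrd_filename,` pair in the context lines, and add a test that supplies a bad kernel or cmdline signature and expects KEXEC_LOAD_SIGNATURE_FAILURE, so that a dropped assignment fails the test suite instead of silently changing control flow.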
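
Review bot: In the second hunk (@@ -498,7 +500,7), the context line `result = KEXEC_LOAD_DECRYPTION_FALURE;` uses a misspelt constant name (FALURE); since this commit is already tidying the decryption section, rename it to KEXEC_LOAD_DECRYPTION_FAILURE at its definition and all uses in a follow-up. The re-indented `if (decrypt_file(initrd_filename,` also remains an unbraced `if` nested under `if (boot_task->local_initrd)`, so the nesting is conveyed by indentation only; braces on both levels would make it explicit.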
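
Review bot: In the third hunk (@@ -570,4 +572,4), the newline added after the closing `}` of lockdown_status() is not mentioned in the commit message, which lists only the signature fix and the decryption indenting. Add a line for it to the message or move it to a separate cleanup commit so the signature-validation fix stays minimal and easy to audit.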