Hi, Thanks for your work. Very useful utils. I am now porting ecryptfs-utils (version 111, from sources) and keyutils (version 1.5.9, from sources) to SailfishOS. While preparing the rpm build, I changed some files and compiler flags so that it builds correctly. The text in the attached file is part of the git diff. My project: https://git.merproject.org/ifilin I hope this mail is the right way to report problems in porting ecryptfs. -- С уважением, Filin Ilya ifilin88@xxxxxxxxx
From 5f0da97b004ccaaee66d0f708f51cc9cb24dfa14 Mon Sep 17 00:00:00 2001 From: ifilin <ifilin88@xxxxxxxxx> Date: Mon, 8 Aug 2016 15:49:00 +0300 Subject: add&edit specs from Fedora WARN!!! Need Wno flags, in rpm build specs files!!! #orig export CFLAGS="$RPM_OPT_FLAGS -Werror -Wtype-limits -Wno-unused" export CFLAGS="$RPM_OPT_FLAGS -Werror -Wtype-limits -Wno-unused -Wno-pointer-sign -Wno-unused-result" diff --git a/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c b/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c index 39cae0d..7180bbc 100644 --- a/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c +++ b/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c @@ -51,10 +51,11 @@ #include "../include/decision_graph.h" struct pkcs11h_data { char *serialized_id; unsigned char *certificate_blob; size_t certificate_blob_size; char *passphrase; + }; struct pkcs11h_subgraph_key_ctx { @@ -1157,11 +1158,26 @@ static int tf_pkcs11h_key_x509file(struct ecryptfs_ctx *ctx, struct param_node * goto out; } - if ((subgraph_key_ctx->pkcs11h_data.certificate_blob_size = i2d_X509 (x509, NULL)) < 0 ) { +// ifilin 2016-08-04 begin +// if ((subgraph_key_ctx->pkcs11h_data.certificate_blob_size = i2d_X509 (x509, NULL)) < 0 ) { +// syslog(LOG_ERR, "PKCS#11: Cannot read decode certificate"); +// rc = -EIO; +// goto out; +// } +// ifilin 2016-08-04 orig end + + if ((rc = i2d_X509 (x509, NULL)) < 0 ) { syslog(LOG_ERR, "PKCS#11: Cannot read decode certificate"); rc = -EIO; goto out; } + else + { + subgraph_key_ctx->pkcs11h_data.certificate_blob_size = rc; + rc = -errno; + } + +// ifilin 2016-08-04 end if ( (subgraph_key_ctx->pkcs11h_data.certificate_blob = (unsigned char *)malloc ( 
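Review bot: In the added `else` branch of the `@@ -1157` hunk, `rc = -errno;` runs after a successful `i2d_X509()` call, when errno holds whatever an earlier call left there, so rc becomes 0 or an unrelated error code. The `@@ -1178` hunk repeats the pattern, and its failure path now jumps to `out` with the raw negative OpenSSL return value in rc rather than an errno such as `-EIO`. How rc is used between here and `out` is outside the hunk, but a stale value risks the function reporting the wrong outcome for a certificate it did or did not manage to encode. A signed temporary is the right fix for the always-false `size_t < 0` comparison, but I would give the DER length its own `int der_len` (declared with the function's other locals) instead of reusing rc, reject a non-positive length, and set `rc = -EIO` before the second call's `goto out`. The commented-out copies of the old lines can go, since the diff already records them.

```c
	/* … unchanged: preceding error check and goto out … */
	der_len = i2d_X509(x509, NULL);
	if (der_len <= 0) {
		syslog(LOG_ERR, "PKCS#11: Cannot read decode certificate");
		rc = -EIO;
		goto out;
	}
	subgraph_key_ctx->pkcs11h_data.certificate_blob_size = (size_t)der_len;
	/* … unchanged: malloc of certificate_blob … */
```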
@@ -1178,11 +1194,24 @@ static int tf_pkcs11h_key_x509file(struct ecryptfs_ctx *ctx, struct param_node * */ p = subgraph_key_ctx->pkcs11h_data.certificate_blob; - if ((subgraph_key_ctx->pkcs11h_data.certificate_blob_size = i2d_X509 (x509, &p)) < 0) { +// ifilin 2016-08-04 begin +// if ((subgraph_key_ctx->pkcs11h_data.certificate_blob_size = i2d_X509 (x509, &p)) < 0) { +// syslog(LOG_ERR, "PKCS#11: Cannot read decode certificate"); +// goto out; +// } +// } +// ifilin 2016-08-04 orig end + if ((rc = i2d_X509 (x509, &p)) < 0) { syslog(LOG_ERR, "PKCS#11: Cannot read decode certificate"); goto out; } + else + { + subgraph_key_ctx->pkcs11h_data.certificate_blob_size = rc; + rc = -errno; + } } +// ifilin 2016-08-04 end node->val = NULL; if ((rc = ecryptfs_pkcs11h_process_key(subgraph_key_ctx, mnt_params))) { diff --git a/src/utils/ecryptfs_generate_tpm_key.c b/src/utils/ecryptfs_generate_tpm_key.c index 002ae70..46d290d 100644 --- a/src/utils/ecryptfs_generate_tpm_key.c +++ b/src/utils/ecryptfs_generate_tpm_key.c @@ -108,7 +108,9 @@ int main(int argc, char **argv) free(pcrsSelected); return -1; } - pcrsSelected = tmp_pcrs; + //ifilin 2016-08-04 - next orig line + //pcrsSelected = tmp_pcrs; + pcrsSelected = (int *)tmp_pcrs;// safe couse realloc sizeof(int) in line 101 pcrsSelected[numPcrsSelected - 1] = atoi(optarg); break; diff --git a/src/utils/mount.ecryptfs_private.c b/src/utils/mount.ecryptfs_private.c index 1a63d1d..9617948 100644 --- a/src/utils/mount.ecryptfs_private.c +++ b/src/utils/mount.ecryptfs_private.c @@ -232,7 +232,8 @@ static int check_cwd_f_type() * * This whitelist is to prevent malicious mount.ecryptfs_private users * from mounting over filesystem types such as PROC_SUPER_MAGIC to - * deceive other programs with a crafted /proc/self/*. See + //ifilin 2016-08-04 remove star char after self/ + * deceive other programs with a crafted /proc/self/. See * https://launchpad.net/bugs/1530566 for more details. */ __SWORD_TYPE f_type_whitelist[] = { 
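Review bot: In the `ecryptfs_generate_tpm_key.c` hunk, the `(int *)` cast on `tmp_pcrs` silences the pointer-type warning instead of fixing the mismatch. The declaration is outside this hunk, but if `tmp_pcrs` only ever holds the `realloc()` result it would be cleaner to declare it as `int *` (or `void *`) and keep the plain `pcrsSelected = tmp_pcrs;`. The comment `// safe couse realloc sizeof(int) in line 101` points at a line number that will drift; `/* tmp_pcrs is the realloc() result, sized in ints above */` would survive later edits. The following context line still stores `atoi(optarg)` unchecked into what is presumably a PCR index, so a `strtol()` parse with a range check is worth a follow-up.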
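Review bot: In the `mount.ecryptfs_private.c` comment hunk, the added line `//ifilin 2016-08-04 remove star char after self/` sits inside the existing `/* … */` block, so it becomes part of the whitelist rationale rather than a separate note. Dropping the `*` also leaves the sentence reading "a crafted /proc/self/.", which no longer says that any entry under that directory can be spoofed. The `/*` sequence inside the comment can be avoided without losing that meaning, for example ` * deceive other programs with crafted /proc/self/ entries. See`, with the attribution line removed. The comment explains why mounting over certain filesystem types is refused, so it is worth keeping exact.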
@@ -276,7 +277,7 @@ static int check_cwd_f_type() fprintf(stderr, "Refusing to mount over an unapproved filesystem type: %#lx\n", - buf.f_type); + (long unsigned int)buf.f_type); return 1; }