Re: [PATCH 5/9] Create libfsverity_compute_digest() and adapt cmd_sign to use it

[Eric Biggers <ebiggers@xxxxxxxxxx>]

On Thu, Mar 12, 2020 at 05:47:54PM -0400, Jes Sorensen wrote:
> @@ -608,16 +433,17 @@ int fsverity_cmd_sign(const struct fsverity_command *cmd,
>  	if (certfile == NULL)
>  		certfile = keyfile;
>  
> -	digest = xzalloc(sizeof(*digest) + hash_alg->digest_size);
> -	memcpy(digest->magic, "FSVerity", 8);
> -	digest->digest_algorithm = cpu_to_le16(hash_alg->hash_num);
> -	digest->digest_size = cpu_to_le16(hash_alg->digest_size);
> -
>  	if (!open_file(&file, argv[0], O_RDONLY, 0))
>  		goto out_err;
>  
> -	if (!compute_file_measurement(file.fd, hash_alg, block_size,
> -				      salt, salt_size, digest->digest))
> +	memset(&params, 0, sizeof(struct libfsverity_merkle_tree_params));

Please use 'sizeof(params)' in cases like this.

> +	params.version = 1;
> +	params.hash_algorithm = hash_alg->hash_num;
> +	params.block_size = block_size;
> +	params.salt_size = salt_size;
> +	params.salt = salt;
> +
> +	if (libfsverity_compute_digest(file.fd, &params, &digest))
>  		goto out_err;

This doesn't close the file on error.

- Eric