From nobody Fri Jun 30 21:04:29 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Qt7B73bB5z4l0QR; Fri, 30 Jun 2023 21:05:03 +0000 (UTC) (envelope-from sjg@juniper.net) Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.pphosted.com", Issuer "Thawte RSA CA 2018" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Qt7B66TB7z3mkR; Fri, 30 Jun 2023 21:05:02 +0000 (UTC) (envelope-from sjg@juniper.net) Authentication-Results: mx1.freebsd.org; none Received: from pps.filterd (m0108158.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 35UKGm1O009495; Fri, 30 Jun 2023 14:05:01 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : mime-version : content-type : content-id : content-transfer-encoding : date : message-id; s=PPS1017; bh=g13v26btE0K7TTTysjEfDm/AdROcCxj4+Uu8nnmCflo=; b=SUs/3NNLjuAx3qdeVCzSIVyCeCwW2zw2sMlJ8U9xG+UaYs1OJuy35UScQL+stkQEAu6O bFOk2Knmi/FLDsBdZxXLkiQgERkNrjvOiEixJmbbzkrkrzaBQLfOLstkvIzs4IN0ADcn xeDYRHus+MXZxy92XAbLVAqCbSP+eD4R6vnfCpNAjNsWGJ34UH6fadLY5ihGsASTl0F4 tTJtXz7YkLYb2ieJbmsbvHzAoupNwLhLTcS20KqalOHk4SPQBLJeF15jitEQ9T8Y8VlJ 1poybS2U3OfY1e/EQpKO+vz3sqtUQab5wFuhP4KyRtKsB8Q3m6QRiTsZrKb9i2xEF/C6 aA== Received: from bl0pr02cu006.outbound.protection.outlook.com (mail-eastusazlp17013036.outbound.protection.outlook.com [40.93.11.36]) by mx0a-00273201.pphosted.com (PPS) with ESMTPS id 3rj03n8vk2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 30 Jun 2023 14:05:00 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LlbNhJPxtXR5IPY9MgVjAkgvf/tfyH0ytB6XhAX/VNsYswM3QDORrY/PrqEnLYfPTksgB3cuMUKCvV19JB9CSV6snU5KOgMfQOJTUz92jbRORrogO0IQ28Xip+YYqTU9RtCjq6U6sm5hVwochCDPZjcLf3EV1/Iso1LY5M9/8XZk1TCKCkgzmcYuTip+40MhoO3u0lfNXzhVAvVUUb/XL+COnH9nkh71jEmdUiZA1YAV4INPMIXJTpit47rF4vtTQnAikxENpEYUQshJOwFNXvQ6s0HdX8Bcto24VQAM/l7VCJG5ik0adfHTUXE1AH+I8Q5ZBf7fbyovsgiHdq/vdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=g13v26btE0K7TTTysjEfDm/AdROcCxj4+Uu8nnmCflo=; b=bgNuupGD88ygmHrbWfdglFNHhmjAgmTSYdk0LtUdW8xIPzOgoWv4+Sj8RxFcDlBpw5/B48nWcQX221RI/pGAoqdyNigiHWObxPPvBqZ/Lyfkwz4kVq/h/mUymnfMFKfK2BbA3QKnnTf8txJ3b9WqjfSmVBszIATvwcXX+0YyxARLFYz6GP3YE+qVGPHjz5bf8+86Zj2al7jLuSIr5iBbnp/TL/ccQYr7mdmwGE+tr0XtsEsXE+XK7EyKar3zalVeYr/TG4IKGOlzJOHEXQ9c9TItDmyJzYuwv+8OvQyVc+uCIYOj9AG8iYQCh5R4AU28VypWodjHqIiWSbEU4qmHbw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip is 66.129.239.15) smtp.rcpttodomain=freebsd.org smtp.mailfrom=juniper.net; dmarc=fail (p=reject sp=reject pct=100) action=oreject header.from=juniper.net; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g13v26btE0K7TTTysjEfDm/AdROcCxj4+Uu8nnmCflo=; b=fwFdnrGC0aJbRA2ab5W5EK/BijTRVttJp81Mgy7fk1v2x1xCWa0fLPjJUZqNYX1hFFdU0RKfhtVqeoxJHOY6tS8qi3YRnwUricagEZHXCUdKtRN/WuWL+X0Ymx8ionMvV/i3oBY8BzjCPHSPOk6BXKTJ/cta3S/ANhb9wqeZ6BQ= Received: from BYAPR06CA0051.namprd06.prod.outlook.com (2603:10b6:a03:14b::28) by CY5PR05MB9141.namprd05.prod.outlook.com (2603:10b6:930:37::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.24; Fri, 30 Jun 2023 21:04:58 +0000 Received: from DM6NAM12FT006.eop-nam12.prod.protection.outlook.com (2603:10b6:a03:14b:cafe::d0) by BYAPR06CA0051.outlook.office365.com (2603:10b6:a03:14b::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6544.22 via Frontend Transport; Fri, 30 Jun 2023 21:04:57 +0000 X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is 66.129.239.15) smtp.mailfrom=juniper.net; dkim=none (message not signed) header.d=none;dmarc=fail action=oreject header.from=juniper.net; Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.15 as permitted sender) Received: from p-exchfe-eqx-02.jnpr.net (66.129.239.15) by DM6NAM12FT006.mail.protection.outlook.com (10.13.178.234) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6565.13 via Frontend Transport; Fri, 30 Jun 2023 21:04:57 +0000 Received: from p-exchbe-eqx-02.jnpr.net (10.104.9.15) by p-exchfe-eqx-02.jnpr.net (10.104.9.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.21; Fri, 30 Jun 2023 16:04:57 -0500 Received: from p-mailhub01.juniper.net (10.104.20.6) by p-exchbe-eqx-02.jnpr.net (10.104.9.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.21 via Frontend Transport; Fri, 30 Jun 2023 16:04:56 -0500 Received: from kaos.jnpr.net (kaos.jnpr.net [172.23.255.201]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id 35UL4uek018927; Fri, 30 Jun 2023 14:04:56 -0700 (envelope-from sjg@juniper.net) Received: by kaos.jnpr.net (Postfix, from userid 1377) id B5D218D811; Fri, 30 Jun 2023 14:04:29 -0700 (PDT) Received: from kaos.jnpr.net (localhost [127.0.0.1]) by kaos.jnpr.net (Postfix) with ESMTP id B42808D793; Fri, 30 Jun 2023 14:04:29 -0700 (PDT) To: John Baldwin CC: , , , Subject: Re: git: 56f3f2d2491e - main - libsecureboot: avoid set but not used errors In-Reply-To: <2512b2e6-8b57-995f-6901-a1e00a4e9238@FreeBSD.org> References: <202306300652.35U6qpgP027126@gitrepo.freebsd.org> <2512b2e6-8b57-995f-6901-a1e00a4e9238@FreeBSD.org> Comments: In-reply-to: John Baldwin message dated "Fri, 30 Jun 2023 07:41:34 -0700." From: "Simon J. Gerraty" X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 28.2 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <58443.1688159069.1@kaos.jnpr.net> Content-Transfer-Encoding: quoted-printable Date: Fri, 30 Jun 2023 14:04:29 -0700 Message-ID: <63110.1688159069@kaos.jnpr.net> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM6NAM12FT006:EE_|CY5PR05MB9141:EE_ X-MS-Office365-Filtering-Correlation-Id: 35573862-0cd5-4b24-3945-08db79ada912 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ygWZTPVHAVAEt/N4KgZn04l0NLe18CByyrkHyWQMUMNfkVp2SqELqsuu6NA1YL0Jpkn6Bso20VDPy4H/7bfVaViErTf8v8KaAkPhoiF2mhBZyyICUQ3Gr91eekNf3l69x8wiy7aRwpKYYix5zK8OzYG9l5LLfpnNRPchSPHEN5Y4i4hqyj1XNkffuSvmQ3g88jswGcliRnODoSlKHcXBglb0MNeHJynHhGjhBd/lPh30hov6ROK6apNgmK+WdwzymPf3cCNr+lulQafh0ba6Odxvur+bmjhyIcFb/FtgOugX6TyUU5z7gDOXmNHMQo6Aq0WiwYr6vLhs4U99jE3jTgq91xBnp8gCwXwTalB+SgkydvCbeJ1IS9L6xHKHQUewUV/EyVUFJUMUDnMKk+/1+Vjwr5OIk3LHJT2BbBwUWR6XcfN8SegDUAwbe/nJHeIPNfDexJNVpDF6VMOM+pE/5vMu3hmr9dMlPiaqfQxhloFq/uIk0/r8n2amJHXvGahjzUmTHCD5yjvjgIfQiz/eZnO2BicGPbPNpkxYmboMQphL6Pp2NQ2PY4qTd31Yxcgt7xSRKY/4wAutGbyPrJNoWr2CerURanDLbolpKu8TyKqDdPNbYgQU8j7UyoZZa92BaKB0mofNN/EbL1fkVRrFV83NStXQw0CMMC8Q58OMCEx91f1Zz2e5P1wqHp7RHrCeA/u4RIXaao+EcgrNjmdbHA+8TanGuPcITQL6Q6UVmPvNTbNK0UEJb3AdBotyzt15z1s/4uekHCyH5KT516HRd+tMAXpPhEIUXzub4dLDWytAxiPcMZTxGkrDrmdf2y9l X-Forefront-Antispam-Report: CIP:66.129.239.15;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:p-exchfe-eqx-02.jnpr.net;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(4636009)(376002)(136003)(346002)(39860400002)(396003)(451199021)(40470700004)(46966006)(36840700001)(186003)(82310400005)(36860700001)(41300700001)(107886003)(9686003)(6266002)(47076005)(54906003)(83380400001)(7126003)(478600001)(336012)(7696005)(2906002)(26005)(6916009)(356005)(55016003)(40460700003)(70206006)(316002)(82740400003)(81166007)(70586007)(5660300002)(450100002)(40480700001)(8936002)(4326008)(86362001)(8676002)(36900700001);DIR:OUT;SFP:1102; X-OriginatorOrg: juniper.net X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jun 2023 21:04:57.4966 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 35573862-0cd5-4b24-3945-08db79ada912 X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4;Ip=[66.129.239.15];Helo=[p-exchfe-eqx-02.jnpr.net] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM12FT006.eop-nam12.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY5PR05MB9141 X-Proofpoint-GUID: OkV3xP2YACG7faQ4KlfGNinQFBzGOJYc X-Proofpoint-ORIG-GUID: OkV3xP2YACG7faQ4KlfGNinQFBzGOJYc X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.591,FMLib:17.11.176.26 definitions=2023-06-30_12,2023-06-30_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 mlxscore=0 phishscore=0 priorityscore=1501 suspectscore=0 adultscore=0 mlxlogscore=565 lowpriorityscore=0 malwarescore=0 clxscore=1011 impostorscore=0 bulkscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2305260000 definitions=main-2306300184 X-Rspamd-Queue-Id: 4Qt7B66TB7z3mkR X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:26211, ipnet:208.84.65.0/24, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N John Baldwin wrote: > > --- > > lib/libsecureboot/openpgp/opgp_sig.c | 22 ++++++++++++---------- > > lib/libsecureboot/vets.c | 7 +++++-- > > 2 files changed, 17 insertions(+), 12 deletions(-) > > > > diff --git a/lib/libsecureboot/openpgp/opgp_sig.c b/lib/libsecureboot/= openpgp/opgp_sig.c > > index eec3469e3457..7f4e6fb98fd1 100644 > > --- a/lib/libsecureboot/openpgp/opgp_sig.c > > +++ b/lib/libsecureboot/openpgp/opgp_sig.c > > @@ -464,20 +464,22 @@ verify_asc(const char *sigfile, int flags) > > size_t n; > > unsigned char *fdata, *sdata; > > size_t fbytes, sbytes; > > - > > + > > + fdata =3D NULL; > > if ((sdata =3D read_file(sigfile, &sbytes))) { > > n =3D strlcpy(pbuf, sigfile, sizeof(pbuf)); > > - if ((cp =3D strrchr(pbuf, '.'))) > > - *cp =3D '\0'; > > - if ((fdata =3D read_file(pbuf, &fbytes))) { > > - if (openpgp_verify(pbuf, fdata, fbytes, sdata, > > - sbytes, flags)) { > > - free(fdata); > > - fdata =3D NULL; > > + if (n < sizeof(pbuf)) { > > + if ((cp =3D strrchr(pbuf, '.'))) > > + *cp =3D '\0'; > > + if ((fdata =3D read_file(pbuf, &fbytes))) { > > + if (openpgp_verify(pbuf, fdata, fbytes, = sdata, > > + sbytes, flags)) { > > + free(fdata); > > + fdata =3D NULL; > > + } > > } > > } > > - } else > > - fdata =3D NULL; > > + } > > free(sdata); > > return (fdata); > = > Most of this change seems to be avoiding reading the "real" file > if the filename from the signature file was too long to fit into > pbuf which I think is a different change? This is all just levels of paranoia. strlcpy will truncate the data anyway, but if the buf isn't big enough to hold the name, someone is playing games and we don't want to play along= . > > diff --git a/lib/libsecureboot/vets.c b/lib/libsecureboot/vets.c > > index 4375dfa76a89..12191097ff8c 100644 > > --- a/lib/libsecureboot/vets.c > > +++ b/lib/libsecureboot/vets.c > > @@ -241,11 +241,14 @@ x509_cn_get(br_x509_certificate *xc, char *buf, = size_t len) > > mc.vtable->start_cert(&mc.vtable, xc->data_len); > > mc.vtable->append(&mc.vtable, xc->data, xc->data_len); > > mc.vtable->end_cert(&mc.vtable); > > - /* we don' actually care about cert status - just its name */ > > + /* we don't actually care about cert status - just its name */ > > err =3D mc.vtable->end_chain(&mc.vtable); > = > For cases like this I've removed the variable and used a (void) cast ins= tead to indicate > that the return value is intentionally unused. Right, but I actually want err, so it can be seen in a debugger easily. It was at least useful when first getting this stuff to work.