From nobody Fri Jun 30 14:41:34 2023
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Qsygj0gYmz4kSQl;
	Fri, 30 Jun 2023 14:41:37 +0000 (UTC)
	(envelope-from jhb@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Qsygh47g2z41Yb;
	Fri, 30 Jun 2023 14:41:36 +0000 (UTC)
	(envelope-from jhb@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1688136096;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=pY1MAzfvA2hT27ouf9qEAuPC2iJga1eTx88Cu9fQMWk=;
	b=KOybUmC39EJP0pqSsQAYuYCr9AJ7rTyqeaC/B6a5fWMqyWFtwhfpjVHvI+cPDGdX1c/rzm
	FiQ/k5cGs/7yGiw8PxditmTvJ+kiwVBUm1cS4aYMvqHAxI/dFO0I5Xl3Mfs9gJoGRMNxBI
	m3jdg1FCyh3SJRMAxYk7oQRotRVeF6JPGB4HlUBLg8t3JNTBN+t+cI9ZgPUMs1oF1QhWFv
	QwY7UWTRtffIBKdyV4lkmlHDnuUB2rMXXTSHHxKIASBf9MpCANCFUDHcxiGS7yOG3Qhi9L
	Axh1uM86b9eoRtrxKkUhE/NqiT+X+dsd725XsgcWzrHXeWiPSXZJZy/52L50dQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1688136096;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=pY1MAzfvA2hT27ouf9qEAuPC2iJga1eTx88Cu9fQMWk=;
	b=FWqbNfjBq8XBTu04NuZOozKwlzgVpKcykkKwSIP0yGPnQ3PfxeynVLrYBm1zt7SyE0j1rX
	1sTCFrt9ZJpZN1SSjEjXU6fcAz/w6GXV2oaiHs2hD0nbszR9/D04k/SjhgIJ1J07cHTzc8
	ZP7aCdXQAPPrc7xMGHCm8FkqhiWBsR7fJhIawaw+7nr9HgDU88SNDXKZ9GglcRr2VUyApy
	UlWw38aNgWEIBX5B+kFW5zaRF5bAN6gJFAuFmBMo7XTqMb7+peICOLIoZ4FEgWfE18xJKV
	oMD8qcJAGQVCGRdM/2jBnCm/xrQhocxpCic2CfVjOUwmkECysjr9kjarx3VTew==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1688136096; a=rsa-sha256; cv=none;
	b=LeqF6dj9dEjjIaoW0zbqvyoZphZgVqo4IhLGTMKdObosr6W6tyKzwVz/SZ3ahMpyrLSyyY
	XjQToPH0ai2Jigx4Phf6F7iv562kzUAc+I5aaZz0OGX6J5Cp9Gut2U340lzM0rhu8cagm4
	J9Mm75b1M1lihPezHVHyegP2enMCRk9LBYmg9e1/5q5j0G0cdZIu2VzlHKO81pg+xogimn
	REN1MxN52VCEc0370T4aeWc6jrr/KBjnA97VvFBriX270Wa1tTH058FXBnv8fsb7hVpEBn
	vwCXF7Ko9lmDexOrEhCvifXnXrxg7u1s5lr187Gu49nnQXyhO8SSIPW0MUGiAA==
Received: from [IPV6:2601:648:8680:16b0:9018:f799:cdac:ccb1] (unknown [IPv6:2601:648:8680:16b0:9018:f799:cdac:ccb1])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(Client did not present a certificate)
	(Authenticated sender: jhb)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4Qsygh0CnHzbYq;
	Fri, 30 Jun 2023 14:41:35 +0000 (UTC)
	(envelope-from jhb@FreeBSD.org)
Message-ID: <2512b2e6-8b57-995f-6901-a1e00a4e9238@FreeBSD.org>
Date: Fri, 30 Jun 2023 07:41:34 -0700
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0)
 Gecko/20100101 Thunderbird/102.12.0
Content-Language: en-US
To: "Simon J. Gerraty" <sjg@FreeBSD.org>, src-committers@FreeBSD.org,
 dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
References: <202306300652.35U6qpgP027126@gitrepo.freebsd.org>
From: John Baldwin <jhb@FreeBSD.org>
Subject: Re: git: 56f3f2d2491e - main - libsecureboot: avoid set but not used
 errors
In-Reply-To: <202306300652.35U6qpgP027126@gitrepo.freebsd.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-ThisMailContainsUnwantedMimeParts: N

On 6/29/23 11:52 PM, Simon J. Gerraty wrote:
> The branch main has been updated by sjg:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=56f3f2d2491e30f369f9461c3cb2a366bdffbe1d
> 
> commit 56f3f2d2491e30f369f9461c3cb2a366bdffbe1d
> Author:     Simon J. Gerraty <sjg@FreeBSD.org>
> AuthorDate: 2023-06-30 06:52:17 +0000
> Commit:     Simon J. Gerraty <sjg@FreeBSD.org>
> CommitDate: 2023-06-30 06:52:17 +0000
> 
>      libsecureboot: avoid set but not used errors
>      
>      Reviewed by:    stevek
> ---
>   lib/libsecureboot/openpgp/opgp_sig.c | 22 ++++++++++++----------
>   lib/libsecureboot/vets.c             |  7 +++++--
>   2 files changed, 17 insertions(+), 12 deletions(-)
> 
> diff --git a/lib/libsecureboot/openpgp/opgp_sig.c b/lib/libsecureboot/openpgp/opgp_sig.c
> index eec3469e3457..7f4e6fb98fd1 100644
> --- a/lib/libsecureboot/openpgp/opgp_sig.c
> +++ b/lib/libsecureboot/openpgp/opgp_sig.c
> @@ -464,20 +464,22 @@ verify_asc(const char *sigfile, int flags)
>   	size_t n;
>   	unsigned char *fdata, *sdata;
>   	size_t fbytes, sbytes;
> -
> +
> +	fdata = NULL;
>   	if ((sdata = read_file(sigfile, &sbytes))) {
>   		n = strlcpy(pbuf, sigfile, sizeof(pbuf));
> -		if ((cp = strrchr(pbuf, '.')))
> -			*cp = '\0';
> -		if ((fdata = read_file(pbuf, &fbytes))) {
> -			if (openpgp_verify(pbuf, fdata, fbytes, sdata,
> -				sbytes, flags)) {
> -				free(fdata);
> -				fdata = NULL;
> +		if (n < sizeof(pbuf)) {
> +			if ((cp = strrchr(pbuf, '.')))
> +				*cp = '\0';
> +			if ((fdata = read_file(pbuf, &fbytes))) {
> +				if (openpgp_verify(pbuf, fdata, fbytes, sdata,
> +					sbytes, flags)) {
> +					free(fdata);
> +					fdata = NULL;
> +				}
>   			}
>   		}
> -	} else
> -		fdata = NULL;
> +	}
>   	free(sdata);
>   	return (fdata);

Most of this change seems to be avoiding reading the "real" file
if the filename from the signature file was too long to fit into
pbuf which I think is a different change?

>   }
> diff --git a/lib/libsecureboot/vets.c b/lib/libsecureboot/vets.c
> index 4375dfa76a89..12191097ff8c 100644
> --- a/lib/libsecureboot/vets.c
> +++ b/lib/libsecureboot/vets.c
> @@ -241,11 +241,14 @@ x509_cn_get(br_x509_certificate *xc, char *buf, size_t len)
>   	mc.vtable->start_cert(&mc.vtable, xc->data_len);
>   	mc.vtable->append(&mc.vtable, xc->data, xc->data_len);
>   	mc.vtable->end_cert(&mc.vtable);
> -	/* we don' actually care about cert status - just its name */
> +	/* we don't actually care about cert status - just its name */
>   	err = mc.vtable->end_chain(&mc.vtable);

For cases like this I've removed the variable and used a (void) cast instead to indicate
that the return value is intentionally unused.

> -	if (!cn.status)
> +	if (!cn.status) {
>   		buf = NULL;
> +		if (err == 0)		/* keep compiler happy */
> +			buf = NULL;
> +	}
>   	return (buf);
>   }
>   

-- 
John Baldwin