[{"id":24461,"web_url":"https://patchwork.libcamera.org/comment/24461/","msgid":"<CAOgh=FxAJ+W152dhv87NjoP0ZxUQLQD4xK49jz86jPbmijuK1w@mail.gmail.com>","date":"2022-08-09T10:42:30","subject":"Re: [libcamera-devel] [PATCH v2 2/4] libcamera: pub_key: Gracefully\n\thandle failures to load public key","submitter":{"id":101,"url":"https://patchwork.libcamera.org/api/people/101/","name":"Eric Curtin","email":"ecurtin@redhat.com"},"content":"On Tue, 9 Aug 2022 at 00:08, Laurent Pinchart\n<laurent.pinchart@ideasonboard.com> wrote:\n>\n> If the public key fails to load, PubKey::isValid() function returns\n> false. The only user of the PubKey class, the IPAManager class, doesn't\n> check that condition, and still calls the PubKey::verify() function,\n> which leads to a crash.\n>\n> Fix this by returning false from PubKey::verify() if the key isn't\n> valid, and log a warning in the IPAManager constructor to report the\n> issue.\n>\n> Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n\nLGTM.\n\nReviewed-by: Eric Curtin <ecurtin@redhat.com>\n\n> ---\n>  src/libcamera/ipa_manager.cpp | 3 +++\n>  src/libcamera/pub_key.cpp     | 3 +++\n>  2 files changed, 6 insertions(+)\n>\n> diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp\n> index ec9660456960..2f96a2072fd6 100644\n> --- a/src/libcamera/ipa_manager.cpp\n> +++ b/src/libcamera/ipa_manager.cpp\n> @@ -109,6 +109,9 @@ IPAManager::IPAManager()\n>                 LOG(IPAManager, Fatal)\n>                         << \"Multiple IPAManager objects are not allowed\";\n>\n> +       if (!pubKey_.isValid())\n> +               LOG(IPAManager, Warning) << \"Public key not valid\";\n> +\n>         unsigned int ipaCount = 0;\n>\n>         /* User-specified paths take precedence. */\n> diff --git a/src/libcamera/pub_key.cpp b/src/libcamera/pub_key.cpp\n> index 9bb08fda34af..b2045a103bc0 100644\n> --- a/src/libcamera/pub_key.cpp\n> +++ b/src/libcamera/pub_key.cpp\n> @@ -76,6 +76,9 @@ PubKey::~PubKey()\n>  bool PubKey::verify([[maybe_unused]] Span<const uint8_t> data,\n>                     [[maybe_unused]] Span<const uint8_t> sig) const\n>  {\n> +       if (!valid_)\n> +               return false;\n> +\n>  #if HAVE_GNUTLS\n>         const gnutls_datum_t gnuTlsData{\n>                 const_cast<unsigned char *>(data.data()),\n> --\n> Regards,\n>\n> Laurent Pinchart\n>","headers":{"Return-Path":"<libcamera-devel-bounces@lists.libcamera.org>","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id 51B99BE173\n\tfor <parsemail@patchwork.libcamera.org>;\n\tTue,  9 Aug 2022 10:42:51 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id 03CEE63328;\n\tTue,  9 Aug 2022 12:42:51 +0200 (CEST)","from us-smtp-delivery-124.mimecast.com\n\t(us-smtp-delivery-124.mimecast.com [170.10.133.124])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 78F42600EA\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tTue,  9 Aug 2022 12:42:49 +0200 (CEST)","from mail-qv1-f70.google.com (mail-qv1-f70.google.com\n\t[209.85.219.70]) by relay.mimecast.com with ESMTP with STARTTLS\n\t(version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id\n\tus-mta-428-u9JWLTMzMiu09-4whec-qA-1; Tue, 09 Aug 2022 06:42:47 -0400","by mail-qv1-f70.google.com with SMTP id\n\too27-20020a056214451b00b00477249248e2so5967475qvb.4\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tTue, 09 Aug 2022 03:42:47 -0700 (PDT)"],"DKIM-Signature":["v=1; a=rsa-sha256; c=relaxed/simple; d=libcamera.org;\n\ts=mail; t=1660041771;\n\tbh=5T5116uNqB+/eBXaLCf313/MgXztZar9P9oNMMb35Bo=;\n\th=References:In-Reply-To:Date:To:Subject:List-Id:List-Unsubscribe:\n\tList-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:\n\tFrom;\n\tb=z65ql8tm+0gnm+7Tk2280HW1FuILwrdF34sYYfTPq1S1VyM/0kcFe+Vic7VD6Nz27\n\t9gOzrVqQp2KDyBAixXNd/1rezrRoYsClIeDd/SPOzAtI1phHh9qwy4zaybffPQiiRl\n\tSg1korEQdId0jgtyJ4dRnKXkthM+ZgW67wk2wlnbMEbYJlgNMskGrsfUgDW8U/C4bG\n\tWxF37L3X7FQ9qCuBuKtRQpbFxRmN4U0fLBxEspQ5tfJECrDr47HKT2+GTVwGBF2QsZ\n\t2c09lCuKhfHLlF0w7h3Kr9oTpB4c65RiBARVbMrEsXtyEsX5Jl/xlVO63wvrSnkzKE\n\tI4ukXlAVxCyNw==","v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n\ts=mimecast20190719; t=1660041768;\n\th=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n\tto:to:cc:cc:mime-version:mime-version:content-type:content-type:\n\tin-reply-to:in-reply-to:references:references;\n\tbh=sKnMdOnb44mISN8Ouw/c/+1vaxO6s3OAgyAl5AOMvQw=;\n\tb=MjnWdUKJaq/sxFpkbDoRzMY5UXtWtwSm7WyLNWFArR1ihvC5EOSpD7GPsoXVhalADoWsis\n\tbER2IX3XJ/T2YgPmYSVlQRNMOM2I9ePADMufykkUxCcmQEHcOfYF+tVRcMVLbV3ErdGmm/\n\taObfFu2bm8ScEG/losB4BMUdhSxjMFM="],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key; \n\tunprotected) header.d=redhat.com\n\theader.i=@redhat.com header.b=\"MjnWdUKJ\"; \n\tdkim-atps=neutral","X-MC-Unique":"u9JWLTMzMiu09-4whec-qA-1","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20210112;\n\th=x-gm-message-state:mime-version:references:in-reply-to:from:date\n\t:message-id:subject:to:cc;\n\tbh=sKnMdOnb44mISN8Ouw/c/+1vaxO6s3OAgyAl5AOMvQw=;\n\tb=YbcZhHv3Z0oql+iLhAIvE9KaRQso+le3aj+pw7AedCrJlEBbPNFnvwiUlDOfIvkGX9\n\tVwyczechVItqQgwK84OI1WkX2jeQVsLYz2PmbtpMdx/bDI3sIk/+p8SJ5Wess6+ewCFS\n\tvzv3DBe6zys1+tpBdBkYIXpz3VMMFbP6YXl+PEZa7J7Ei+hCybejOxIajEmQfp/RsEP2\n\t/yUAl96uRE8Bjigcdo7Spvzt+s6DTq3I02TAbnHznzVFHcyoNLm1k9npzSsv8zl2whuE\n\t1YFXRqkEhI0dPQGWuFTm4IkHehA+wg6R46i6UwjzLwenbAuxA33HYxQPQWxkGz/BmWkb\n\tgceg==","X-Gm-Message-State":"ACgBeo37o6XZvVfl8XjAF2Qm4nsn5HxKGh5f9yoAhj6++jPBlxya0qVv\n\tZjWr6YjkwZ+lQHFM+s/I85yVcQwVLMWuWY8riLzbfBnSdOn9268Bj7L/iGZ6rFc7+vhDtukbNip\n\tUw5UIKYzAH9lFDVSihGtwp6VfAKLNmTW4tbPxzbBdNbL1n/5scw==","X-Received":["by 2002:a05:6214:62a:b0:476:858d:b2c8 with SMTP id\n\ta10-20020a056214062a00b00476858db2c8mr18911311qvx.65.1660041766605; \n\tTue, 09 Aug 2022 03:42:46 -0700 (PDT)","by 2002:a05:6214:62a:b0:476:858d:b2c8 with SMTP id\n\ta10-20020a056214062a00b00476858db2c8mr18911301qvx.65.1660041766368;\n\tTue, 09 Aug 2022 03:42:46 -0700 (PDT)"],"X-Google-Smtp-Source":"AA6agR6F7NQYJaF2g+2N8ZBJ6XvtGMtYRJvuDXA5oA63g8nuLqTHJhTcdeyP1g2kRH572iJA1PANA98r8MQJffBcPAw=","MIME-Version":"1.0","References":"<20220808230833.16275-1-laurent.pinchart@ideasonboard.com>\n\t<20220808230833.16275-3-laurent.pinchart@ideasonboard.com>","In-Reply-To":"<20220808230833.16275-3-laurent.pinchart@ideasonboard.com>","Date":"Tue, 9 Aug 2022 11:42:30 +0100","Message-ID":"<CAOgh=FxAJ+W152dhv87NjoP0ZxUQLQD4xK49jz86jPbmijuK1w@mail.gmail.com>","To":"Laurent Pinchart <laurent.pinchart@ideasonboard.com>","X-Mimecast-Spam-Score":"0","X-Mimecast-Originator":"redhat.com","Content-Type":"text/plain; charset=\"UTF-8\"","Subject":"Re: [libcamera-devel] [PATCH v2 2/4] libcamera: pub_key: Gracefully\n\thandle failures to load public key","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","From":"Eric Curtin via libcamera-devel <libcamera-devel@lists.libcamera.org>","Reply-To":"Eric Curtin <ecurtin@redhat.com>","Cc":"libcamera devel <libcamera-devel@lists.libcamera.org>","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" <libcamera-devel-bounces@lists.libcamera.org>"}},{"id":24468,"web_url":"https://patchwork.libcamera.org/comment/24468/","msgid":"<166004755327.2190824.18157787717976171594@Monstersaurus>","date":"2022-08-09T12:19:13","subject":"Re: [libcamera-devel] [PATCH v2 2/4] libcamera: pub_key: Gracefully\n\thandle failures to load public key","submitter":{"id":4,"url":"https://patchwork.libcamera.org/api/people/4/","name":"Kieran Bingham","email":"kieran.bingham@ideasonboard.com"},"content":"Quoting Laurent Pinchart via libcamera-devel (2022-08-09 00:08:31)\n> If the public key fails to load, PubKey::isValid() function returns\n> false. The only user of the PubKey class, the IPAManager class, doesn't\n> check that condition, and still calls the PubKey::verify() function,\n> which leads to a crash.\n> \n> Fix this by returning false from PubKey::verify() if the key isn't\n> valid, and log a warning in the IPAManager constructor to report the\n> issue.\n> \n> Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n\nReviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>\n\n> ---\n>  src/libcamera/ipa_manager.cpp | 3 +++\n>  src/libcamera/pub_key.cpp     | 3 +++\n>  2 files changed, 6 insertions(+)\n> \n> diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp\n> index ec9660456960..2f96a2072fd6 100644\n> --- a/src/libcamera/ipa_manager.cpp\n> +++ b/src/libcamera/ipa_manager.cpp\n> @@ -109,6 +109,9 @@ IPAManager::IPAManager()\n>                 LOG(IPAManager, Fatal)\n>                         << \"Multiple IPAManager objects are not allowed\";\n>  \n> +       if (!pubKey_.isValid())\n> +               LOG(IPAManager, Warning) << \"Public key not valid\";\n> +\n>         unsigned int ipaCount = 0;\n>  \n>         /* User-specified paths take precedence. */\n> diff --git a/src/libcamera/pub_key.cpp b/src/libcamera/pub_key.cpp\n> index 9bb08fda34af..b2045a103bc0 100644\n> --- a/src/libcamera/pub_key.cpp\n> +++ b/src/libcamera/pub_key.cpp\n> @@ -76,6 +76,9 @@ PubKey::~PubKey()\n>  bool PubKey::verify([[maybe_unused]] Span<const uint8_t> data,\n>                     [[maybe_unused]] Span<const uint8_t> sig) const\n>  {\n> +       if (!valid_)\n> +               return false;\n> +\n>  #if HAVE_GNUTLS\n>         const gnutls_datum_t gnuTlsData{\n>                 const_cast<unsigned char *>(data.data()),\n> -- \n> Regards,\n> \n> Laurent Pinchart\n>","headers":{"Return-Path":"<libcamera-devel-bounces@lists.libcamera.org>","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id E2DF5BE173\n\tfor <parsemail@patchwork.libcamera.org>;\n\tTue,  9 Aug 2022 12:19:16 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id 6190D6332B;\n\tTue,  9 Aug 2022 14:19:16 +0200 (CEST)","from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id C19C361FAA\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tTue,  9 Aug 2022 14:19:15 +0200 (CEST)","from pendragon.ideasonboard.com\n\t(cpc89244-aztw30-2-0-cust3082.18-1.cable.virginm.net [86.31.172.11])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 4C8DD481;\n\tTue,  9 Aug 2022 14:19:15 +0200 (CEST)"],"DKIM-Signature":["v=1; a=rsa-sha256; c=relaxed/simple; d=libcamera.org;\n\ts=mail; t=1660047556;\n\tbh=8UhOfhgrTsHWD2b0/IIsFp2ZV6hbKYqWvgtAdrOMsck=;\n\th=In-Reply-To:References:To:Date:Subject:List-Id:List-Unsubscribe:\n\tList-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:\n\tFrom;\n\tb=T5Q2h+ybg0MZACyAIgc/OLp3XJNDGLp2ug2yqQz0QVQT2kP0EK8UgKj8z/EidqvxM\n\t5PVZjIb5N/8TK2q3jSWmeNJBpFzOgiFxdMSbYUvevinUx/HvJduWF979N2v6IDEmSv\n\t3f5fWaTn0ToQMAVx6H2jdPJABeLM8RZnNlxqnOkOpSLaG/10uS0dt1PlDfRjqpEt09\n\toSJ4KGfyua2LI2S/p9F0KYZmfnQa/6EAdINhxBMF/AUNWH8Av/I5xTUwacHWhBj1Tj\n\thOAOGun3azsTTFkoZuA8Z1kc2OalD6ZB5D3gXgMbjZX3YWsoPwS7O2L6/TaIw+np1O\n\tdmaq2jtDJ66fA==","v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1660047555;\n\tbh=8UhOfhgrTsHWD2b0/IIsFp2ZV6hbKYqWvgtAdrOMsck=;\n\th=In-Reply-To:References:Subject:From:To:Date:From;\n\tb=gDXVcnUNmkVkm6uFCzQn0wK4Esbvq31WPz9CMrT2x2bWTtcHQuGyIcc8sAJC3bYTR\n\t/G6F8YC9aGxVUm3UjGFEBfv2dzPF5mp7IY160VYm1qaXfPMUiWCi+V+zMBNOZPpG6G\n\tSjYKkmwtSy6yk4e2fEwwcrWhWDkD4y3971yenPEI="],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key; \n\tunprotected) header.d=ideasonboard.com\n\theader.i=@ideasonboard.com\n\theader.b=\"gDXVcnUN\"; dkim-atps=neutral","Content-Type":"text/plain; charset=\"utf-8\"","MIME-Version":"1.0","Content-Transfer-Encoding":"quoted-printable","In-Reply-To":"<20220808230833.16275-3-laurent.pinchart@ideasonboard.com>","References":"<20220808230833.16275-1-laurent.pinchart@ideasonboard.com>\n\t<20220808230833.16275-3-laurent.pinchart@ideasonboard.com>","To":"Laurent Pinchart <laurent.pinchart@ideasonboard.com>,\n\tlibcamera-devel@lists.libcamera.org","Date":"Tue, 09 Aug 2022 13:19:13 +0100","Message-ID":"<166004755327.2190824.18157787717976171594@Monstersaurus>","User-Agent":"alot/0.10","Subject":"Re: [libcamera-devel] [PATCH v2 2/4] libcamera: pub_key: Gracefully\n\thandle failures to load public key","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","From":"Kieran Bingham via libcamera-devel\n\t<libcamera-devel@lists.libcamera.org>","Reply-To":"Kieran Bingham <kieran.bingham@ideasonboard.com>","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" <libcamera-devel-bounces@lists.libcamera.org>"}}]