Bug#1014272: marked as done (src:linux: sign-file: correct error handling)

[Debian Bug Tracking System]

Your message dated Fri, 23 May 2025 09:50:58 +0200
with message-id 
<6kwotukoxcabl6s4jjdac6a3y4rjmqi6s3u5jwnmw7n6ivctkr@jiavi4kmjsyg>
and subject line fixed upstream
has caused the Debian Bug report #1014272,
regarding src:linux: sign-file: correct error handling
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1014272: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014272
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: linux
Version: 5.18.5-1
Severity: normal
Tags: upstream
Control: found -1 4.19.208-1 5.10.84-1

The functions CMS_final, i2d_CMS_bio_stream, i2d_PKCS7_bio and
BIO_free all return 1 for success or 0 for failure. The old check
for a value less than 0 would never catch an error.

I tried signing a kernel module with the patched sign-file and that
still worked.

Ansgar

>From d11fb170c3ec172ce6707baab03b1499f14e0f20 Mon Sep 17 00:00:00 2001
From: Ansgar Burchardt <ans...@43-1.org>
Date: Sun, 3 Jul 2022 11:17:50 +0200
Subject: [PATCH] sign-file: correct error handling

The functions CMS_final, i2d_CMS_bio_stream, i2d_PKCS7_bio and
BIO_free all return 1 for success or 0 for failure.

Signed-off-by: Ansgar Burchardt <ans...@43-1.org>
---
 scripts/sign-file.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 7434e9ea926e..4889f919ff8a 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -322,7 +322,7 @@ int main(int argc, char **argv)
                                     CMS_NOSMIMECAP | use_keyid |
                                     use_signed_attrs),
                    "CMS_add1_signer");
-               ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0,
+               ERR(!CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY),
                    "CMS_final");
 
 #else
@@ -341,10 +341,10 @@ int main(int argc, char **argv)
                        b = BIO_new_file(sig_file_name, "wb");
                        ERR(!b, "%s", sig_file_name);
 #ifndef USE_PKCS7
-                       ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) < 0,
+                       ERR(!i2d_CMS_bio_stream(b, cms, NULL, 0),
                            "%s", sig_file_name);
 #else
-                       ERR(i2d_PKCS7_bio(b, pkcs7) < 0,
+                       ERR(!i2d_PKCS7_bio(b, pkcs7),
                            "%s", sig_file_name);
 #endif
                        BIO_free(b);
@@ -374,9 +374,9 @@ int main(int argc, char **argv)
 
        if (!raw_sig) {
 #ifndef USE_PKCS7
-               ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name);
+               ERR(!i2d_CMS_bio_stream(bd, cms, NULL, 0), "%s", dest_name);
 #else
-               ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name);
+               ERR(!i2d_PKCS7_bio(bd, pkcs7), "%s", dest_name);
 #endif
        } else {
                BIO *b;
@@ -396,7 +396,7 @@ int main(int argc, char **argv)
        ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name);
        ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", 
dest_name);
 
-       ERR(BIO_free(bd) < 0, "%s", dest_name);
+       ERR(!BIO_free(bd), "%s", dest_name);
 
        /* Finally, if we're signing in place, replace the original. */
        if (replace_orig)
-- 
2.35.1

--- End Message ---

--- Begin Message ---

Version: 6.7-1~exp1

A variant of this patch was commited to 6.7-rc6.

Bastian

-- 

--- End Message ---