| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When loading and unloading p11-kit-proxy.so with pkcs11-tool, it
accesses already free'd memory area:
$ valgrind pkcs11-tool --module p11-kit-proxy.so -L
==25173== Invalid read of size 8
==25173== at 0x64BF493: p11_proxy_module_cleanup (proxy.c:1724)
==25173== by 0x64BD028: _p11_kit_fini (proxy-init.c:65)
==25173== by 0x401477C: _dl_close_worker (in /usr/lib64/ld-2.27.so)
==25173== by 0x4014E1D: _dl_close (in /usr/lib64/ld-2.27.so)
==25173== by 0x5E08C4E: _dl_catch_exception (in /usr/lib64/libc-2.27.so)
==25173== by 0x5E08CDE: _dl_catch_error (in /usr/lib64/libc-2.27.so)
==25173== by 0x58B1724: _dlerror_run (in /usr/lib64/libdl-2.27.so)
==25173== by 0x58B1113: dlclose (in /usr/lib64/libdl-2.27.so)
==25173== by 0x11E5A7: ??? (in /usr/bin/pkcs11-tool)
==25173== by 0x110023: ??? (in /usr/bin/pkcs11-tool)
==25173== by 0x5CF624A: (below main) (in /usr/lib64/libc-2.27.so)
==25173== Address 0x61231c8 is 552 bytes inside a block of size 584 free'd
==25173== at 0x4C2FDAC: free (vg_replace_malloc.c:530)
==25173== by 0x6548492: p11_virtual_unwrap (virtual.c:2902)
==25173== by 0x64BF492: p11_proxy_module_cleanup (proxy.c:1723)
|
| |
|
|
|
|
|
|
| |
On non-glibc systems (e.g., FreeBSD), pthread_atfork() stub is
provided as a nop and our fork detection mechanism doesn't work. Pull
in the actual implementation from libpthread in that case.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This eliminates the unconditional use of pthread_{get,set}specific()
and pthread_key_{create,delete}(), which glibc doesn't provide the stubs.
|
| |
|
|
|
| |
Some test programs use pthread_create(), which glibc doesn't provide
the stub. Link those programs with -lpthread.
|
| |
|
|
|
|
| |
If the ELF constructor is usable, we don't really need the once-init
function because it is guaranteed that the code runs only once in the
constructor.
|
| |
|
|
|
| |
This eliminates the use of pthread_mutexattr_* functions, which glibc
doesn't provide the stubs.
|
| |
|
|
| |
Spotted by coverity.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This patch removes the restriction of p11_kit_remote_serve_tokens()
that were not capable of serving tokens across multiple modules.
|
| |
|
|
|
| |
Otherwise, the p11-kit-remote program called from p11-kit-server would
load the system modules instead of the local fixtures.
|
| |
|
|
|
|
|
|
|
|
| |
Previously, to aggregate multiple modules into one, there was no other
way than loading the proxy module. From the p11-kit applications,
however, it is not possible to load that module because of the
recursive loading check (p11_proxy_module_check).
This patch adds another means to aggregate modules, through a library
function p11_proxy_module_create.
|
| | |
|
| |
|
|
|
|
| |
On NetBSD, reallocarray is not declared until _OPENBSD_SOURCE is
defined. Reported by Patrick Welche in:
https://lists.freedesktop.org/archives/p11-glue/2018-July/000691.html
|
| |
|
|
|
|
|
|
|
|
|
| |
This enables socket activation of "p11-kit server" through systemd.
The feature provided is essentially the same as commit
a4fb2bb5 (reverted), but implemented with "p11-kit server" and
libsystemd API instead of wrapping "p11-kit remote" in the unit file.
Note that, while it exposes all tokens through the socket, it doesn't
increase attack surface beyond the PKCS#11 binary interface provided
by p11-kit-proxy.so, because the service is per-user.
|
| |
|
|
|
|
|
|
|
| |
When cross-compiling, the configure check for issetugid() aborts,
because of the pessimistic default of AC_RUN_IFELSE. This patch
provides the non-pessimistic default to AC_RUN_IFELSE and wrap the
macro invocation with AC_CACHE_CHECK so that the user can override the
check by setting ac_cv_issetugid_openbsd=yes, as suggested in:
https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/html_node/Runtime.html#Runtime
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
On macOS and FreeBSD, issetugid() has different semantics from the
original OpenBSD implementation and cannot reliably detect if the
process made setuid/setgid:
https://gist.github.com/nicowilliams/4daf74a3a0c86848d3cbd9d0cdb5e26e
This should fix:
https://bugs.freedesktop.org/show_bug.cgi?id=67451
https://bugs.freedesktop.org/show_bug.cgi?id=100287
|
| |
|
|
|
|
| |
On macOS, locale_t is not defined in <locale.h>. Although it is
defined in <xlocale.h>, we rather not use locales at all for POSIX
compliance.
|
| | |
|
| |
|
|
| |
Use symlink in the repository, instead of copying.
|
| | |
|
| | |
|
| |
|
|
|
| |
As we removed README from the repository, it is no longer
automatically picked up for the distribution by Automake.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
RFC 3986 suggests that implementations should accept uppercase letters
as equivalent to lowercase in scheme names.
|
| |
|
|
|
|
| |
The tolower()/toupper() functions take into account of the current
locale settings, which p11-kit doesn't want. Add replacement
functions that work as if they are called under the C locale.
|
| |
|
|
|
|
|
|
|
| |
This does not improve const for the getters. The reason for this is that
they are usually passed into the PKCS#11 APIs directly and these APIs
are not const correct. Trying to force const correctnesss here would
result in pain for library consumers.
This is an API and ABI compatible change.
|
| |
|
|
|
|
|
|
|
| |
That is, use README.md as primary source to generate README as
README is required by the GNU guidelines. We don't try to convert
to "real" plain text as markdown is readable, and to avoid introducing
another dependency (e.g., pandoc).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
| |
Resolves #80
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
| |
Resolves #153
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
