[PATCH 1/1] core: Guard signed-images provider check
8 views
Skip to first unread message
James Hilliard
Jan 20, 2026, 5:03:29 PM (12 days ago) Jan 20
to swup...@googlegroups.com, James Hilliard
Signed-images startup called strcmp(get_dgstlib(), "GPG") before any
provider was selected and without guarding NULL. When no digest provider
is registered (e.g. CONFIG_SIGNED_IMAGES without CONFIG_SIGALG_*), this
segfaults.
Move the check after set_dgstlib() and error out if no provider is
registered. This keeps the public-key/GPG requirements aligned with the
selected provider.
Signed-off-by: James Hilliard <james.h...@gmail.com>
---
core/swupdate.c | 52 +++++++++++++++++++++++++++----------------------
1 file changed, 29 insertions(+), 23 deletions(-)
diff --git a/core/swupdate.c b/core/swupdate.c
index 4c17c2d4..cfac2f81 100644
--- a/core/swupdate.c
+++ b/core/swupdate.c
@@ -580,7 +580,9 @@ int main(int argc, char **argv)
bool opt_c = false;
char image_url[MAX_URL];
char main_options[256];
+#ifdef CONFIG_SIGNED_IMAGES
unsigned int public_key_mandatory = 0;
+#endif
struct sigaction sa;
#ifdef CONFIG_SURICATTA
int opt_u = 0;
@@ -946,33 +948,10 @@ int main(int argc, char **argv)
exit(EXIT_FAILURE);
}
-#ifdef CONFIG_SIGNED_IMAGES
- public_key_mandatory = strcmp(get_dgstlib(), "GPG");
-#endif
-
/*
* Parameters are parsed: now performs plausibility
* tests before starting processes and threads
*/
- if (public_key_mandatory && !strlen(swcfg.publickeyfname)) {
- fprintf(stderr,
- "Error: SWUpdate is built for signed images, provide a public key file.\n");
- exit(EXIT_FAILURE);
- }
-
-#ifdef CONFIG_SIGALG_GPG
- if (!public_key_mandatory && !strlen(swcfg.gpg_home_directory)) {
- fprintf(stderr,
- "Error: SWUpdate is built for signed images, provide a GnuPG home directory.\n");
- exit(EXIT_FAILURE);
- }
- if (!public_key_mandatory && !strlen(swcfg.gpgme_protocol)) {
- fprintf(stderr,
- "Error: SWUpdate is built for signed images, please specify GnuPG protocol.\n");
- exit(EXIT_FAILURE);
- }
-#endif
-
if (opt_c && !opt_i) {
fprintf(stderr,
"Error: Checking local images requires -i <file>.\n");
@@ -1015,6 +994,33 @@ int main(int argc, char **argv)
}
}
+#ifdef CONFIG_SIGNED_IMAGES
+ const char *dgstlib = get_dgstlib();
+ if (!dgstlib) {
+ fprintf(stderr,
+ "Error: SWUpdate is built for signed images but no verification provider is registered.\n");
+ exit(EXIT_FAILURE);
+ }
+ public_key_mandatory = (strcmp(dgstlib, "GPG") != 0);
+ if (public_key_mandatory && !strlen(swcfg.publickeyfname)) {
+ fprintf(stderr,
+ "Error: SWUpdate is built for signed images, provide a public key file.\n");
+ exit(EXIT_FAILURE);
+ }
+#ifdef CONFIG_SIGALG_GPG
+ if (!public_key_mandatory && !strlen(swcfg.gpg_home_directory)) {
+ fprintf(stderr,
+ "Error: SWUpdate is built for signed images, provide a GnuPG home directory.\n");
+ exit(EXIT_FAILURE);
+ }
+ if (!public_key_mandatory && !strlen(swcfg.gpgme_protocol)) {
+ fprintf(stderr,
+ "Error: SWUpdate is built for signed images, please specify GnuPG protocol.\n");
+ exit(EXIT_FAILURE);
+ }
+#endif
+#endif
+
printf("%s\n\n", BANNER);
printf("Licensed under GPLv2. See source distribution for detailed "
"copyright notices.\n\n");
--
2.43.0
provider was selected and without guarding NULL. When no digest provider
is registered (e.g. CONFIG_SIGNED_IMAGES without CONFIG_SIGALG_*), this
segfaults.
Move the check after set_dgstlib() and error out if no provider is
registered. This keeps the public-key/GPG requirements aligned with the
selected provider.
Signed-off-by: James Hilliard <james.h...@gmail.com>
---
core/swupdate.c | 52 +++++++++++++++++++++++++++----------------------
1 file changed, 29 insertions(+), 23 deletions(-)
diff --git a/core/swupdate.c b/core/swupdate.c
index 4c17c2d4..cfac2f81 100644
--- a/core/swupdate.c
+++ b/core/swupdate.c
@@ -580,7 +580,9 @@ int main(int argc, char **argv)
bool opt_c = false;
char image_url[MAX_URL];
char main_options[256];
+#ifdef CONFIG_SIGNED_IMAGES
unsigned int public_key_mandatory = 0;
+#endif
struct sigaction sa;
#ifdef CONFIG_SURICATTA
int opt_u = 0;
@@ -946,33 +948,10 @@ int main(int argc, char **argv)
exit(EXIT_FAILURE);
}
-#ifdef CONFIG_SIGNED_IMAGES
- public_key_mandatory = strcmp(get_dgstlib(), "GPG");
-#endif
-
/*
* Parameters are parsed: now performs plausibility
* tests before starting processes and threads
*/
- if (public_key_mandatory && !strlen(swcfg.publickeyfname)) {
- fprintf(stderr,
- "Error: SWUpdate is built for signed images, provide a public key file.\n");
- exit(EXIT_FAILURE);
- }
-
-#ifdef CONFIG_SIGALG_GPG
- if (!public_key_mandatory && !strlen(swcfg.gpg_home_directory)) {
- fprintf(stderr,
- "Error: SWUpdate is built for signed images, provide a GnuPG home directory.\n");
- exit(EXIT_FAILURE);
- }
- if (!public_key_mandatory && !strlen(swcfg.gpgme_protocol)) {
- fprintf(stderr,
- "Error: SWUpdate is built for signed images, please specify GnuPG protocol.\n");
- exit(EXIT_FAILURE);
- }
-#endif
-
if (opt_c && !opt_i) {
fprintf(stderr,
"Error: Checking local images requires -i <file>.\n");
@@ -1015,6 +994,33 @@ int main(int argc, char **argv)
}
}
+#ifdef CONFIG_SIGNED_IMAGES
+ const char *dgstlib = get_dgstlib();
+ if (!dgstlib) {
+ fprintf(stderr,
+ "Error: SWUpdate is built for signed images but no verification provider is registered.\n");
+ exit(EXIT_FAILURE);
+ }
+ public_key_mandatory = (strcmp(dgstlib, "GPG") != 0);
+ if (public_key_mandatory && !strlen(swcfg.publickeyfname)) {
+ fprintf(stderr,
+ "Error: SWUpdate is built for signed images, provide a public key file.\n");
+ exit(EXIT_FAILURE);
+ }
+#ifdef CONFIG_SIGALG_GPG
+ if (!public_key_mandatory && !strlen(swcfg.gpg_home_directory)) {
+ fprintf(stderr,
+ "Error: SWUpdate is built for signed images, provide a GnuPG home directory.\n");
+ exit(EXIT_FAILURE);
+ }
+ if (!public_key_mandatory && !strlen(swcfg.gpgme_protocol)) {
+ fprintf(stderr,
+ "Error: SWUpdate is built for signed images, please specify GnuPG protocol.\n");
+ exit(EXIT_FAILURE);
+ }
+#endif
+#endif
+
printf("%s\n\n", BANNER);
printf("Licensed under GPLv2. See source distribution for detailed "
"copyright notices.\n\n");
--
2.43.0
Stefano Babic
Jan 27, 2026, 8:34:19 AM (6 days ago) Jan 27
to James Hilliard, swup...@googlegroups.com
Best regards,
Stefano Babic
Reply all
Reply to author
Forward
0 new messages