See ChangeLog: Wed Jun 14 12:27:09 CEST 2000 Werner Koch

2025-07-02 22:46:30 +02:00 · 2000-06-14 10:12:10 +00:00 · 2000-06-14 10:12:10 +00:00 · 07e51ec069
commit 07e51ec069
parent b8013e44ad
9 changed files with 92 additions and 33 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,13 @@
+Wed Jun 14 12:27:09 CEST 2000  Werner Koch  <wk@openit.de>
+
+  * status.c (init_shm_coprocessing): Changed the sequence of the get,attach
+  to cope with the changes in newer Linux kernels.  This bug has been found
+  by <dmitri@advantrix.com> who also proposed this solution.  Hopefully
+  this does not break gpg on to many systems.
+
+  * cipher.c (write_header): Protect the IV with the MDC too.
+  * encr-data.c (decrypt_data): Likewise.
+
 Fri Jun  9 10:09:52 CEST 2000  Werner Koch  <wk@openit.de>

  * g10.c: New options --no-auto-key-retrieve
--- a/g10/cipher.c
+++ b/g10/cipher.c
@ -82,6 +82,8 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
    cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen );
    cipher_setiv( cfx->cipher_hd, NULL, 0 );
 /*  log_hexdump( "prefix", temp, nprefix+2 ); */
+    if( cfx->mdc_hash ) /* hash the "IV" */
+	md_write( cfx->mdc_hash, temp, nprefix+2 );
    cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2);
    cipher_sync( cfx->cipher_hd );
    iobuf_write(a, temp, nprefix+2);
--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@ -119,6 +119,9 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
 	goto leave;
    }

+    if( dfx.mdc_hash )
+	md_write( dfx.mdc_hash, temp, nprefix+2 );
+
    if( ed->mdc_method )
 	iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx );
    else
--- a/g10/status.c
+++ b/g10/status.c
@ -196,6 +196,10 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem )
    if ( shm_id == -1 )
 	log_fatal("can't get %uk of shared memory: %s\n",
 				(unsigned)shm_size/1024, strerror(errno));
+
+  #if !defined(IPC_HAVE_SHM_LOCK) \
+      && defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
+    /* part of the old code which uses mlock */
    shm_area = shmat( shm_id, 0, 0 );
    if ( shm_area == (char*)-1 )
 	log_fatal("can't attach %uk shared memory: %s\n",
@ -206,29 +210,17 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem )
      #ifdef USE_CAPABILITIES
 	cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
      #endif
-      #ifdef IPC_HAVE_SHM_LOCK
-	if ( shmctl (shm_id, SHM_LOCK, 0) )
-	    log_info("locking shared memory %d failed: %s\n",
-				shm_id, strerror(errno));
-	else
-	    shm_is_locked = 1;
-      #elif defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
 	/* (need the cast for Solaris with Sun's workshop compilers) */
 	if ( mlock ( (char*)shm_area, shm_size) )
 	    log_info("locking shared memory %d failed: %s\n",
 				shm_id, strerror(errno));
 	else
 	    shm_is_locked = 1;
-      #else
-	log_info("Locking shared memory %d failed: No way to do it\n", shm_id );
-      #endif
      #ifdef USE_CAPABILITIES
 	cap_set_proc( cap_from_text("cap_ipc_lock+p") );
      #endif
    }

-
-
  #ifdef IPC_RMID_DEFERRED_RELEASE
    if( shmctl( shm_id, IPC_RMID, 0) )
 	log_fatal("shmctl IPC_RMDID of %d failed: %s\n",
@ -245,13 +237,59 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem )
 						shm_id, strerror(errno));
    }

+  #else /* this is the new code which handles the changes in the SHM semantics
+	 * introduced with Linux 2.4.  The changes is that we now change the
+	 * permissions and then attach to the memory.
+	 */
+
+    if( lock_mem ) {
+      #ifdef USE_CAPABILITIES
+	cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
+      #endif
+      #ifdef IPC_HAVE_SHM_LOCK
+	if ( shmctl (shm_id, SHM_LOCK, 0) )
+	    log_info("locking shared memory %d failed: %s\n",
+				shm_id, strerror(errno));
+	else
+	    shm_is_locked = 1;
+      #else
+	log_info("Locking shared memory %d failed: No way to do it\n", shm_id );
+      #endif
+      #ifdef USE_CAPABILITIES
+	cap_set_proc( cap_from_text("cap_ipc_lock+p") );
+      #endif
+    }
+
+    if( shmctl( shm_id, IPC_STAT, &shmds ) )
+	log_fatal("shmctl IPC_STAT of %d failed: %s\n",
+					    shm_id, strerror(errno));
+    if( shmds.shm_perm.uid != getuid() ) {
+	shmds.shm_perm.uid = getuid();
+	if( shmctl( shm_id, IPC_SET, &shmds ) )
+	    log_fatal("shmctl IPC_SET of %d failed: %s\n",
+						shm_id, strerror(errno));
+    }
+
+    shm_area = shmat( shm_id, 0, 0 );
+    if ( shm_area == (char*)-1 )
+	log_fatal("can't attach %uk shared memory: %s\n",
+				(unsigned)shm_size/1024, strerror(errno));
+    log_debug("mapped %uk shared memory at %p, id=%d\n",
+			    (unsigned)shm_size/1024, shm_area, shm_id );
+
+  #ifdef IPC_RMID_DEFERRED_RELEASE
+    if( shmctl( shm_id, IPC_RMID, 0) )
+	log_fatal("shmctl IPC_RMDID of %d failed: %s\n",
+					    shm_id, strerror(errno));
+  #endif
+
+  #endif
    /* write info; Protocol version, id, size, locked size */
    sprintf( buf, "pv=1 pid=%d shmid=%d sz=%u lz=%u", (int)getpid(),
 	    shm_id, (unsigned)shm_size, shm_is_locked? (unsigned)shm_size:0 );
    write_status_text( STATUS_SHM_INFO, buf );
 }

-
 /****************
 * Request a string from client
 * If bool, returns static string on true (do not free) or NULL for false