From a9d366adb718b4fcbad81d17b7b7f19f42982a31 Mon Sep 17 00:00:00 2001
From: Ikey Doherty
Date: Fri, 7 Aug 2015 15:54:13 +0100
Subject: [PATCH] Resolve linking issues - ensuring cve-check-tool works with full RELRO

This is currently the temporary path we'll use, as and when the packaging implementations switch to plugins, we can drop the current callback mechanism, abstract util.*, and query supported package types and then determine the plugin we'll use for the lifetime of this operation.

Signed-off-by: Ikey Doherty
---
 src/library/cve-check-tool.h | 23 ++++++++++++-----------
 src/library/util.c | 10 +++++++---
 src/library/util.h | 3 ++-
 src/main.c | 6 +++---
 src/packaging/eopkg.c | 4 ++--
 src/packaging/eopkg.h | 2 +-
 src/packaging/pkgbuild.c | 4 ++--
 src/packaging/pkgbuild.h | 2 +-
 src/packaging/rpm.c | 4 ++--
 src/packaging/rpm.h | 2 +-
 src/update-main.c | 7 -------
 tests/check-core.c | 8 --------
 tests/check-database.c | 7 -------
 tests/check-jira-plugin.c | 8 --------
 tests/check-packaging.c | 9 +++------
 tests/check-template.c | 8 --------
 16 files changed, 36 insertions(+), 71 deletions(-)

diff --git a/src/library/cve-check-tool.h b/src/library/cve-check-tool.h
index 5225419..bc29d29 100644
--- a/src/library/cve-check-tool.h
+++ b/src/library/cve-check-tool.h
@@ -19,10 +19,21 @@
 #include "core.h"
+/**
+ * Distro implementations need to add packages to the interest list
+ * before we will check them for CVEs. This will actually call back to
+ * the self->examine function, and add the parsed package into the
+ * current list.
+ *
+ * @param path Full legal path to the source package
+ */
+
+typedef void (*cve_add_callback)(const char *);
+
 /**
  * Function to yield all applicable sources.
  */
-typedef void (*cve_locate_sources)(const char*, bool);
+typedef void (*cve_locate_sources)(const char*, bool, cve_add_callback);
 /**
  * Determine if a package has already patched a vulnerability
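Review bot: The doc comment placed above `cve_add_callback` is separated from the typedef by a blank line (`+ */`, `+`, `+typedef ...`), so Doxygen will not attach it to the type, and its wording still describes the old function rather than a callback type: it promises a call to `self->examine`, which is what main.c's cve_add_package does, not a contract every function stored in this pointer must honour. Drop the blank line and reword it as a contract for the type, e.g. `/** Callback invoked by a locate implementation for each source package it finds. @param path Full legal path to the source package */`. The `@param path` also has nothing to bind to, because the typedef names no parameter; writing `typedef void (*cve_add_callback)(const char *path);` keeps the documentation and the signature in step.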
@@ -72,13 +83,3 @@ typedef struct CveCheckTool {
  * Remotely exploitable
  */
 #define ACCESS_VECTOR_NETWORK "NETWORK"
-
-/**
- * Distro implementations need to add packages to the interest list
- * before we will check them for CVEs. This will actually call back to
- * the self->examine function, and add the parsed package into the
- * current list.
- *
- * @param path Full legal path to the source package
- */
-void cve_add_package(const char *path);
diff --git a/src/library/util.c b/src/library/util.c
index 014c8f1..0f82f92 100644
--- a/src/library/util.c
+++ b/src/library/util.c
@@ -32,7 +32,7 @@ DEF_AUTOFREE(char, free)
-bool find_sources(const char *path, package_match_func match, bool recurse)
+bool find_sources(const char *path, package_match_func match, bool recurse, cve_add_callback cb)
 {
 struct stat st = {.st_ino = 0};
 bool ret = false;
@@ -40,6 +40,10 @@ bool find_sources(const char *path, package_match_func match, bool recurse)
 struct dirent *ent = NULL;
 char *fullp = NULL;
+ if (!cb) {
+ return false;
+ }
+
 if (!match) {
 return false;
 }
@@ -61,14 +65,14 @@ bool find_sources(const char *path, package_match_func match, bool recurse)
 goto end;
 }
 if (!(cve_is_dir(fullp) && !recurse)) {
- find_sources(fullp, match, recurse);
+ find_sources(fullp, match, recurse, cb);
 }
 free(fullp);
 }
 }
 } else if (S_ISREG(st.st_mode)) {
 if (match(path)) {
- cve_add_package(path);
+ cb(path);
 }
 }
diff --git a/src/library/util.h b/src/library/util.h
index 0105311..f3addb3 100644
--- a/src/library/util.h
+++ b/src/library/util.h
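Review bot: The new `if (!cb)` guard in find_sources duplicates the shape of the `if (!match)` guard directly below it; both reject the call with the same bare `return false`, so a single combined precondition `if (!match || !cb) { return false; }` keeps the argument checks together and reads more clearly. Because the function reports a NULL-argument rejection and a failed stat identically through its bool result, a one-line comment on the guard saying that callers cannot tell the two apart would help whoever adds error reporting later. The body of find_sources continues outside this hunk.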
@@ -78,8 +78,9 @@ int64_t parse_xml_date(const char *date);
  * @param directory Base directory to recurse
  * @param match A function to determine "matching" source packages
  * @param recurse Whether we can recurse the given directory
+ * @param cb A callback to execute when we encounter a matching package
  */
-bool find_sources(const char *directory, package_match_func match, bool recurse);
+bool find_sources(const char *directory, package_match_func match, bool recurse, cve_add_callback cb);
 /**
  * Implemented in a *similar* fashion to how g_autoptr is intended to
diff --git a/src/main.c b/src/main.c
index 61f0955..141e1fc 100644
--- a/src/main.c
+++ b/src/main.c
@@ -52,7 +52,7 @@ DEF_AUTOFREE(char, free)
 #define streq(x,y) strcmp(x,y) == 0
-static void cve_add_package_internal(struct source_package_t *pkg)
+void cve_add_package_internal(struct source_package_t *pkg)
 {
 GList *issues = NULL, *em = NULL;
 gchar *cur_id = NULL;
@@ -590,7 +590,7 @@ int main(int argc, char **argv)
 /* Attempt to add a single package.. */
 if (cve_is_dir(target)) {
 /* Recurse.. */
- self->locate(target, true);
+ self->locate(target, true, &cve_add_package);
 } else {
 cve_add_package(target);
 }
@@ -677,7 +677,7 @@ int main(int argc, char **argv)
 goto cleanup;
 }
 }
- self->locate(path, false);
+ self->locate(path, false, &cve_add_package);
 clean:
 free(buf);
 buf = NULL;
diff --git a/src/packaging/eopkg.c b/src/packaging/eopkg.c
index a8a9a36..11365dc 100644
--- a/src/packaging/eopkg.c
+++ b/src/packaging/eopkg.c
@@ -156,7 +156,7 @@ bool eopkg_is_package(const char *filename)
 return g_str_has_suffix((const gchar*)filename, "pspec.xml") || g_str_has_suffix((const gchar*)filename, "pspec_x86_64.xml");
 }
-void eopkg_locate_sources(const char *directory, bool recurse)
+void eopkg_locate_sources(const char *directory, bool recurse, cve_add_callback cb)
 {
- find_sources(directory, &eopkg_is_package, recurse);
+ find_sources(directory, &eopkg_is_package, recurse, cb);
 }
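Review bot: The new `@param cb` line in util.h does not say that a NULL callback is rejected, yet util.c now makes find_sources return false before scanning anything when `cb` is NULL, exactly as it already does for `match`; a caller reading only the header cannot learn that this silent false is possible. Suggest `@param cb A callback to execute when we encounter a matching package; must not be NULL, or find_sources returns false without scanning`. The function's `@return` documentation, if it has one, lies outside this hunk and should state the same for `match`.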
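Review bot: Dropping `static` from `cve_add_package_internal` in main.c turns a file-local helper into an exported symbol, but nothing else in this patch declares or calls it and no prototype is added to a header, so with `-Wmissing-prototypes` the definition now warns and it is not visible from the diff what link error this resolves. The commit message attributes the change to RELRO linking; if the symbol really must be reachable from another translation unit, add `void cve_add_package_internal(struct source_package_t *pkg);` to the header that unit includes and note why in a comment, otherwise keep the original `static void cve_add_package_internal(struct source_package_t *pkg)`. The function body continues past the end of the hunk.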
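Review bot: `eopkg_locate_sources` forwards `cb` to find_sources but still discards find_sources' bool result, and after this patch find_sources returns false without scanning whenever `cb` is NULL, so a caller that passes a bad callback gets no indication that nothing was located. Either propagate the result (`return find_sources(directory, &eopkg_is_package, recurse, cb);`, with the wrapper and the `cve_locate_sources` typedef becoming bool) or add a comment on the call stating that scan failures are deliberately ignored here. The pkgbuild.c and rpm.c hunks have the same discarded result and should be treated the same way.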
diff --git a/src/packaging/eopkg.h b/src/packaging/eopkg.h
index f2cd215..84d4f66 100644
--- a/src/packaging/eopkg.h
+++ b/src/packaging/eopkg.h
@@ -24,6 +24,6 @@ struct source_package_t *eopkg_inspect_pspec(const char *filename);
 bool eopkg_is_patched(struct source_package_t *pkg, char *id);
 bool eopkg_is_ignored(struct source_package_t *pkg, char *id);
-void eopkg_locate_sources(const char *directory, bool recurse);
+void eopkg_locate_sources(const char *directory, bool recurse, cve_add_callback cb);
 bool eopkg_is_package(const char *filename);
diff --git a/src/packaging/pkgbuild.c b/src/packaging/pkgbuild.c
index 779a944..13bfcfb 100644
--- a/src/packaging/pkgbuild.c
+++ b/src/packaging/pkgbuild.c
@@ -111,7 +111,7 @@ bool pkgbuild_is_package(const char *filename)
 return g_str_has_suffix((const gchar*)filename, "PKGBUILD");
 }
-void pkgbuild_locate_sources(const char *directory, bool recurse)
+void pkgbuild_locate_sources(const char *directory, bool recurse, cve_add_callback cb)
 {
- find_sources(directory, &pkgbuild_is_package, recurse);
+ find_sources(directory, &pkgbuild_is_package, recurse, cb);
 }
diff --git a/src/packaging/pkgbuild.h b/src/packaging/pkgbuild.h
index 2ee0381..6a594fc 100644
--- a/src/packaging/pkgbuild.h
+++ b/src/packaging/pkgbuild.h
@@ -23,6 +23,6 @@ struct source_package_t *pkgbuild_inspect_spec(const char *filename);
 bool pkgbuild_is_patched(struct source_package_t *pkg, char *id);
-void pkgbuild_locate_sources(const char *directory, bool recurse);
+void pkgbuild_locate_sources(const char *directory, bool recurse, cve_add_callback cb);
 bool pkgbuild_is_package(const char *filename);
diff --git a/src/packaging/rpm.c b/src/packaging/rpm.c
index 3c42999..2c354e3 100644
--- a/src/packaging/rpm.c
+++ b/src/packaging/rpm.c
@@ -330,7 +330,7 @@ bool rpm_is_package(const char *filename)
 return g_str_has_suffix((const gchar*)filename, ".spec");
 }
-void rpm_locate_sources(const char *directory, bool recurse)
+void rpm_locate_sources(const char *directory, bool recurse, cve_add_callback cb)
 {
- find_sources(directory, &rpm_is_package, recurse);
+ find_sources(directory, &rpm_is_package, recurse, cb);
 }
diff --git a/src/packaging/rpm.h b/src/packaging/rpm.h
index 91911c1..51bd647 100644
--- a/src/packaging/rpm.h
+++ b/src/packaging/rpm.h
@@ -39,6 +39,6 @@ bool srpm_is_ignored(struct source_package_t *t, char *id);
 bool rpm_is_patched(struct source_package_t *pkg, char *id);
 bool rpm_is_ignored(struct source_package_t *pkg, char *id);
-void rpm_locate_sources(const char *directory, bool recurse);
+void rpm_locate_sources(const char *directory, bool recurse, cve_add_callback cb);
 bool rpm_is_package(const char *filename);
diff --git a/src/update-main.c b/src/update-main.c
index 56ffc88..7ee1608 100644
--- a/src/update-main.c
+++ b/src/update-main.c
@@ -48,13 +48,6 @@ static GOptionEntry _entries[] = {
 { .short_name = 0 }
 };
-/**
- * TODO: Remove these symbol issues by further refactoring
- */
-void cve_add_package(__attribute__ ((unused)) const char *path)
-{
-}
-
 /**
  * Main entry.
  */
diff --git a/tests/check-core.c b/tests/check-core.c
index c560211..c47f3a2 100644
--- a/tests/check-core.c
+++ b/tests/check-core.c
@@ -23,14 +23,6 @@
 #include "config.h"
-/**
- * Kept here as a no-op for now (linking)
- */
-void cve_add_package(__attribute__((unused)) const char *path)
-{
-
-}
-
 /**
  * Ensure parse_xml_date works
  */
diff --git a/tests/check-database.c b/tests/check-database.c
index 1220075..aaf6abc 100644
--- a/tests/check-database.c
+++ b/tests/check-database.c
@@ -25,13 +25,6 @@
 #include "config.h"
-/**
- * Kept here as a no-op for now (linking)
- */
-void cve_add_package(__attribute__((unused)) const char *path)
-{
-}
-
 START_TEST(cve_database_new)
 {
 CveDB *db = NULL;
diff --git a/tests/check-jira-plugin.c b/tests/check-jira-plugin.c
index 9a55f93..8eb0c30 100644
--- a/tests/check-jira-plugin.c
+++ b/tests/check-jira-plugin.c
@@ -36,14 +36,6 @@ bool file_exists(const gchar *path)
 return((access(path,F_OK) != -1));
 }
-/**
- * Kept here as a no-op for now (linking)
- */
-void cve_add_package(__attribute__((unused)) const char *path)
-{
-
-}
-
 /* Check the plugin init function which includes parsing the config file */
 START_TEST(cve_jira_plugin_init_function)
 {
diff --git a/tests/check-packaging.c b/tests/check-packaging.c
index 13f85c6..76e5625 100644
--- a/tests/check-packaging.c
+++ b/tests/check-packaging.c
@@ -25,9 +25,6 @@ static int add_count = 0;
-/**
- * Kept here as a no-op for now (linking)
- */
 void cve_add_package(__attribute__((unused)) const char *path)
 {
 add_count++;
@@ -187,15 +184,15 @@ START_TEST(cve_packaging_test)
 fail_if(t != PACKAGE_TYPE_UNKNOWN, "Incorrect unknown package type detection");
 add_count = 0;
- eopkg_locate_sources(TOP_DIR "/tests/dummy_data/eopkg", true);
+ eopkg_locate_sources(TOP_DIR "/tests/dummy_data/eopkg", true, &cve_add_package);
 fail_if(add_count != 1, "Failed to locate eopkg sources");
 add_count = 0;
- rpm_locate_sources(TOP_DIR "/tests/dummy_data/rpm", true);
+ rpm_locate_sources(TOP_DIR "/tests/dummy_data/rpm", true, &cve_add_package);
 fail_if(add_count != 2, "Failed to locate RPM sources");
 add_count = 0;
- pkgbuild_locate_sources(TOP_DIR "/tests/dummy_data/pkgbuild", true);
+ pkgbuild_locate_sources(TOP_DIR "/tests/dummy_data/pkgbuild", true, &cve_add_package);
 fail_if(add_count != 1, "Failed to locate PKGBUILD sources");
 }
 END_TEST
diff --git a/tests/check-template.c b/tests/check-template.c
index 7b1513f..ec5723c 100644
--- a/tests/check-template.c
+++ b/tests/check-template.c
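Review bot: Removing the "Kept here as a no-op for now (linking)" comment leaves `cve_add_package` in check-packaging.c undocumented, even though it is now the callback the test hands to each `*_locate_sources` call and the only visible writer of `add_count`. A short header such as `/* Test callback: counts every matching source that find_sources reports, so the test can assert how many packages each locate implementation found. */` would replace the stale one. The `__attribute__((unused))` on `path` is consistent with the one body line shown (`add_count++;`), but the function body continues past the hunk, so confirm `path` is still unused there.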
@@ -18,14 +18,6 @@
 #include "config.h"
-/**
- * Kept here as a no-op for now (linking)
- */
-void cve_add_package(__attribute__((unused)) const char *path)
-{
-
-}
-
 START_TEST(cve_template_basic)
 {
 gchar *ret = NULL;