Re: [systemd-devel] [PATCH 6/6] Add SHA1 hash sum to coredump report

Tue, 12 Feb 2013 18:24:11 -0800 

On Tue, 12.02.13 01:14, Oleksii Shevchuk (alx...@gmail.com) wrote:

>  static int submit_process_core(struct iovec iovec[15], int idx,
>                                 const char * comm,
>                                 const int journal)
> @@ -61,6 +72,10 @@ static int submit_process_core(struct iovec iovec[15], int 
> idx,
>          _cleanup_free_   char * corelink = NULL;
>          _cleanup_free_   char * t = NULL;
>  
> +#if defined(HAVE_GCRYPT)
> +        _cleanup_free_   char * h = NULL;
> +#endif
> +
>          if (journal) {
>                  mkdir_p_label("/var/lib/systemd/coredump", 0755);
>                  corelink = 
> strdup("/var/lib/systemd/coredump/core.systemd-journald");
> @@ -152,6 +167,17 @@ journal:
>                          log_debug("chmod %s: %s", corepath, strerror(errno));
>                  }
>  
> +#if defined(HAVE_GCRYPT)
> +                __attribute__((cleanup(gcry_md_closep)))
> +                        gcry_md_hd_t HD;

Hmm, we try to avoid using gcc intrinsics directly, we always use macros
for that. But for particular cases like this it's probably better to not
use the cleanup stuff at all, rather than using a use-once macro. Just
clean up this thing in some "finish" label thingy.

> +                gcry_error_t gr = gcry_md_open (&HD, GCRY_MD_SHA1,
> 0);

Coding style. It's "foo()" rather than "foo ()".

> +                if (gr != GPG_ERR_NO_ERROR) {
> +                        log_error("Failed to initialize gcrypt hash context: 
> %s",
> +                                  gpg_strerror(gr));
> +                        goto finish;
> +                }
> +#endif
> +
>                  for (;;) {
>                          uint8_t buffer[4096];
>                          size_t l, q;
> @@ -171,6 +197,9 @@ journal:
>                                  log_error("Failed to write coredump: %m");
>                                  goto finish;
>                          }
> +#if defined(HAVE_GCRYPT)
> +                        gcry_md_write(HD, buffer, l);
> +#endif
>                  }
>  
>                  fflush(corefile);
> @@ -190,6 +219,25 @@ journal:
>                  t = strjoin("COREDUMP_FILE=coredump/", corelink, NULL);
>                  if (t)
>                          IOVEC_SET_STRING(iovec[idx ++], t);
> +
> +#if defined(HAVE_GCRYPT)
> +                char * bh = hexstr(gcry_md_read(HD, GCRY_MD_SHA1),
>                  20);

Given the existing doubts about SHA1: if you already use a cryptographic
hash, maybe use SHA256 instead?

> +
> +                if (! bh) {
> +                        r = log_oom();
> +                        goto finish;
> +                }
> +
> +                h = strjoin("COREDUMP_FILE_SHA1=", bh, NULL);
> +                free(bh);
> +
> +                if (! h) {
> +                        r = log_oom();
> +                        goto finish;
> +                }
> +
> +                IOVEC_SET_STRING(iovec[idx ++], h);
> +#endif

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Reply via email to