Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

token: sort paths for reproducible extract #656

Merged
merged 1 commit into from
Aug 30, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
token: sort paths for reproducible extract
There is no defined order in which readdir will return the entries
of a directory. In practice, order can depend on inode number or
similar. If we run p11-kit on different files systems with similar
directory structure but different inode order the output of extract
can change.

To get a stable and reproducible output, sort the paths returned by
readdir before extracting.

Co-authored-by: Tom Dohrmann <[email protected]>
Signed-off-by: Paul Meyer <[email protected]>
katexochen and Freax13 committed Aug 30, 2024

Unverified

This user has not yet uploaded their public signing key.
commit a57afabad39ed03ae3bdd31cfb6c89c9904372f9
26 changes: 25 additions & 1 deletion trust/token.c
Original file line number Diff line number Diff line change
@@ -252,16 +252,28 @@ loader_load_if_file (p11_token *token,
return 0;
}

static int
compar_strings (const void *one,
const void *two)
{
const char **p1 = (const char **)one;
const char **p2 = (const char **)two;
return strcmp (*p1, *p2);
}


static int
loader_load_directory (p11_token *token,
const char *directory,
p11_dict *present)
{
p11_dictiter iter;
p11_array *paths;
struct dirent *dp;
char *path;
int total = 0;
int ret;
int i;
DIR *dir;

/* First we load all the modules */
@@ -272,10 +284,22 @@ loader_load_directory (p11_token *token,
return 0;
}

paths = p11_array_new (NULL);
return_val_if_fail (paths != NULL, -1);

while ((dp = readdir (dir)) != NULL) {
path = p11_path_build (directory, dp->d_name, NULL);
return_val_if_fail (path != NULL, -1);

return_val_if_fail (p11_array_push (paths, path), -1);
}

closedir (dir);

qsort (paths->elem, paths->num, sizeof (char *), compar_strings);

for (i = 0; i < paths->num; i++) {
path = paths->elem[i];
ret = loader_load_if_file (token, path);
if (ret >= 0) {
if (ret <= INT_MAX - total) {
@@ -291,7 +315,7 @@ loader_load_directory (p11_token *token,
free (path);
}

closedir (dir);
p11_array_free (paths);

/* All other files that were present, not here now */
p11_dict_iterate (present, &iter);