From 8b064ca814bc02edd7c0f6c6352d0975d7eaab49 Mon Sep 17 00:00:00 2001 From: olszomal Date: Mon, 26 Apr 2021 10:48:53 +0200 Subject: [PATCH 1/2] sizeof style --- osslsigncode.c | 62 +++++++++++++++++++++++++------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/osslsigncode.c b/osslsigncode.c index 1f6b9ac..6b207f6 100644 --- a/osslsigncode.c +++ b/osslsigncode.c @@ -1422,7 +1422,7 @@ static SpcLink *get_obsolete_link(void) link->value.file = SpcString_new(); link->value.file->type = 0; link->value.file->value.unicode = ASN1_BMPSTRING_new(); - ASN1_STRING_set(link->value.file->value.unicode, obsolete, sizeof(obsolete)); + ASN1_STRING_set(link->value.file->value.unicode, obsolete, sizeof obsolete); return link; } @@ -1434,7 +1434,7 @@ static const unsigned char classid_page_hash[] = { static unsigned char *pe_calc_page_hash(char *indata, uint32_t header_size, int pe32plus, uint32_t sigpos, int phtype, size_t *rphlen) { - uint16_t nsections, sizeofopthdr; + uint16_t nsections, opthdr_size; uint32_t pagesize, hdrsize; uint32_t rs, ro, l, lastpos = 0; int pphlen, phlen, i, pi = 1; @@ -1463,8 +1463,8 @@ static unsigned char *pe_calc_page_hash(char *indata, uint32_t header_size, memset(res, 0, 4); EVP_DigestFinal(mdctx, res + 4, NULL); - sizeofopthdr = GET_UINT16_LE(indata + header_size + 20); - sections = indata + header_size + 24 + sizeofopthdr; + opthdr_size = GET_UINT16_LE(indata + header_size + 20); + sections = indata + header_size + 24 + opthdr_size; for (i=0; iclassId, classid_page_hash, sizeof(classid_page_hash)); + ASN1_OCTET_STRING_set(so->classId, classid_page_hash, sizeof classid_page_hash); ASN1_OCTET_STRING_set(so->serializedData, p, l); OPENSSL_free(p); @@ -1614,7 +1614,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, GLOBAL_OPTIONS *opti ASN1_INTEGER_set(si->d, 0); ASN1_INTEGER_set(si->e, 0); ASN1_INTEGER_set(si->f, 0); - ASN1_OCTET_STRING_set(si->string, msistr, sizeof(msistr)); + ASN1_OCTET_STRING_set(si->string, msistr, sizeof msistr); l = i2d_SpcSipInfo(si, NULL); p = OPENSSL_malloc(l); i2d_SpcSipInfo(si, &p); @@ -1964,7 +1964,7 @@ static time_t si_get_time(PKCS7_SIGNER_INFO *si) if (object == NULL) return INVALID_TIME; /* FAILED */ object_txt[0] = 0x00; - OBJ_obj2txt(object_txt, sizeof(object_txt), object, 1); + OBJ_obj2txt(object_txt, sizeof object_txt, object, 1); if (!strcmp(object_txt, PKCS9_SIGNING_TIME)) { /* PKCS#9 signing time - Policy OID: 1.2.840.113549.1.9.5 */ time = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_UTCTIME, NULL); @@ -2199,9 +2199,9 @@ static int print_attributes(SIGNATURE *signature, int verbose) print_time_t(signature->signtime); if (signature->purpose) { - if (!memcmp(signature->purpose, purpose_comm, sizeof(purpose_comm))) + if (!memcmp(signature->purpose, purpose_comm, sizeof purpose_comm)) printf("\tMicrosoft Commercial Code Signing purpose\n"); - else if (!memcmp(signature->purpose, purpose_ind, sizeof(purpose_ind))) + else if (!memcmp(signature->purpose, purpose_ind, sizeof purpose_ind)) printf("\tMicrosoft Individual Code Signing purpose\n"); else printf("\tUnrecognized Code Signing purpose\n"); @@ -2213,7 +2213,7 @@ static int print_attributes(SIGNATURE *signature, int verbose) printf("\tText description: %s\n", signature->desc); } if (signature->level) { - if (!memcmp(signature->level, java_attrs_low, sizeof(java_attrs_low))) + if (!memcmp(signature->level, java_attrs_low, sizeof java_attrs_low)) printf("\tLow level of permissions in Microsoft Internet Explorer 4.x for CAB files\n"); else printf("\tUnrecognized level of permissions in Microsoft Internet Explorer 4.x for CAB files\n"); @@ -2251,7 +2251,7 @@ static void get_signed_attributes(SIGNATURE *signature, STACK_OF(X509_ATTRIBUTE) if (object == NULL) continue; object_txt[0] = 0x00; - OBJ_obj2txt(object_txt, sizeof(object_txt), object, 1); + OBJ_obj2txt(object_txt, sizeof object_txt, object, 1); if (!strcmp(object_txt, PKCS9_MESSAGE_DIGEST)) { /* PKCS#9 message digest - Policy OID: 1.2.840.113549.1.9.4 */ signature->digest = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_OCTET_STRING, NULL); @@ -2317,7 +2317,7 @@ static void get_unsigned_attributes(STACK_OF(SIGNATURE) **signatures, SIGNATURE if (object == NULL) continue; object_txt[0] = 0x00; - OBJ_obj2txt(object_txt, sizeof(object_txt), object, 1); + OBJ_obj2txt(object_txt, sizeof object_txt, object, 1); if (!strcmp(object_txt, PKCS9_COUNTER_SIGNATURE)) { /* Authenticode Timestamp - Policy OID: 1.2.840.113549.1.9.6 */ PKCS7_SIGNER_INFO *countersi; @@ -3182,8 +3182,8 @@ static void pe_calc_digest(char *indata, const EVP_MD *md, unsigned char *mdbuf, while (n < offset) { int l; size_t want = offset - n; - if (want > sizeof(bfb)) - want = sizeof(bfb); + if (want > sizeof bfb) + want = sizeof bfb; l = BIO_read(bio, bfb, want); if (l <= 0) break; @@ -3224,8 +3224,8 @@ static void pe_extract_page_hash(SpcAttributeTypeAndOptionalValue *obj, return; } so = id->file->value.moniker; - if (so->classId->length != sizeof(classid_page_hash) || - memcmp(so->classId->data, classid_page_hash, sizeof (classid_page_hash))) { + if (so->classId->length != sizeof classid_page_hash || + memcmp(so->classId->data, classid_page_hash, sizeof classid_page_hash)) { SpcPeImageData_free(id); return; } @@ -3239,7 +3239,7 @@ static void pe_extract_page_hash(SpcAttributeTypeAndOptionalValue *obj, *phtype = 0; buf[0] = 0x00; - OBJ_obj2txt(buf, sizeof(buf), obj->type, 1); + OBJ_obj2txt(buf, sizeof buf, obj->type, 1); if (!strcmp(buf, SPC_PE_IMAGE_PAGE_HASHES_V1)) { *phtype = NID_sha1; } else if (!strcmp(buf, SPC_PE_IMAGE_PAGE_HASHES_V2)) { @@ -3683,8 +3683,8 @@ static void cab_calc_digest(char *indata, const EVP_MD *md, unsigned char *mdbuf while (coffFiles < offset) { int l; uint32_t want = offset - coffFiles; - if (want > sizeof(bfb)) - want = sizeof(bfb); + if (want > sizeof bfb) + want = sizeof bfb; l = BIO_read(bio, bfb, want); if (l <= 0) break; @@ -4280,7 +4280,7 @@ static void add_jp_attribute(PKCS7_SIGNER_INFO *si, int jp) switch (jp) { case 0: attrs = java_attrs_low; - len = sizeof(java_attrs_low); + len = sizeof java_attrs_low; break; case 1: /* XXX */ @@ -4303,9 +4303,9 @@ static void add_purpose_attribute(PKCS7_SIGNER_INFO *si, int comm) astr = ASN1_STRING_new(); if (comm) { - ASN1_STRING_set(astr, purpose_comm, sizeof(purpose_comm)); + ASN1_STRING_set(astr, purpose_comm, sizeof purpose_comm); } else { - ASN1_STRING_set(astr, purpose_ind, sizeof(purpose_ind)); + ASN1_STRING_set(astr, purpose_ind, sizeof purpose_ind); } PKCS7_add_signed_attribute(si, OBJ_txt2nid(SPC_STATEMENT_TYPE_OBJID), V_ASN1_SEQUENCE, astr); @@ -4428,8 +4428,8 @@ static int add_unauthenticated_blob(PKCS7 *sig) if ((p = OPENSSL_malloc(len)) == NULL) return 1; /* FAILED */ memset(p, 0, len); - memcpy(p, prefix, sizeof(prefix)); - memcpy(p+len-sizeof(postfix), postfix, sizeof(postfix)); + memcpy(p, prefix, sizeof prefix); + memcpy(p + len - sizeof postfix, postfix, sizeof postfix); astr = ASN1_STRING_new(); ASN1_STRING_set(astr, p, len); nid = OBJ_create(SPC_UNAUTHENTICATED_DATA_BLOB_OBJID, @@ -4724,10 +4724,10 @@ static int get_file_type(char *indata, char *infile, file_type_t *type) *type = FILE_TYPE_CAB; } else if (!memcmp(indata, "MZ", 2)) { *type = FILE_TYPE_PE; - } else if (!memcmp(indata, msi_magic, sizeof(msi_magic))) { + } else if (!memcmp(indata, msi_magic, sizeof msi_magic)) { *type = FILE_TYPE_MSI; } else if (!memcmp(indata + ((GET_UINT8_LE(indata+1) == 0x82) ? 4 : 5), - pkcs7_signed_data, sizeof(pkcs7_signed_data))) { + pkcs7_signed_data, sizeof pkcs7_signed_data)) { /* the maximum size of a supported cat file is (2^24 -1) bytes */ *type = FILE_TYPE_CAT; } else { @@ -4755,7 +4755,7 @@ static char *getpassword(const char *prompt) printf("Failed to set terminal attributes\n"); return NULL; } - p = fgets(passbuf, sizeof(passbuf), stdin); + p = fgets(passbuf, sizeof passbuf, stdin); if (tcsetattr(fileno(stdin), TCSANOW, &ofl) != 0) printf("Failed to restore terminal attributes\n"); if (!p) { @@ -4764,7 +4764,7 @@ static char *getpassword(const char *prompt) } passbuf[strlen(passbuf)-1] = 0x00; pass = OPENSSL_strdup(passbuf); - memset(passbuf, 0, sizeof(passbuf)); + memset(passbuf, 0, sizeof passbuf); return pass; #else return getpass(prompt); @@ -4783,7 +4783,7 @@ static int read_password(GLOBAL_OPTIONS *options) printf("Failed to open password file: %s\n", options->readpass); return 0; /* FAILED */ } - passlen = read(passfd, passbuf, sizeof(passbuf)-1); + passlen = read(passfd, passbuf, sizeof passbuf - 1); close(passfd); if (passlen <= 0) { printf("Failed to read password from file: %s\n", options->readpass); @@ -4791,7 +4791,7 @@ static int read_password(GLOBAL_OPTIONS *options) } passbuf[passlen] = 0x00; options->pass = OPENSSL_strdup(passbuf); - memset(passbuf, 0, sizeof(passbuf)); + memset(passbuf, 0, sizeof passbuf); #ifdef PROVIDE_ASKPASS } else if (options->askpass) { options->pass = getpassword("Password: "); @@ -5227,7 +5227,7 @@ static PKCS7 *get_sigfile(char *sigfile, file_type_t type) printf("Failed to open file: %s\n", sigfile); return NULL; /* FAILED */ } - if (sigfilesize >= sizeof(pemhdr) && !memcmp(insigdata, pemhdr, sizeof(pemhdr)-1)) { + if (sigfilesize >= sizeof pemhdr && !memcmp(insigdata, pemhdr, sizeof pemhdr - 1)) { sigbio = BIO_new_mem_buf(insigdata, sigfilesize); sig = PEM_read_bio_PKCS7(sigbio, NULL, NULL, NULL); BIO_free_all(sigbio); From cfb897a902e65d604911c76df2f2e89145bdbdc6 Mon Sep 17 00:00:00 2001 From: olszomal Date: Mon, 26 Apr 2021 11:35:19 +0200 Subject: [PATCH 2/2] handle unsuccessful termination exit (-1) --- osslsigncode.c | 196 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 155 insertions(+), 41 deletions(-) diff --git a/osslsigncode.c b/osslsigncode.c index 6b207f6..9e557ee 100644 --- a/osslsigncode.c +++ b/osslsigncode.c @@ -1181,7 +1181,6 @@ static void usage(const char *argv0, const char *cmd) printf("%12s[ -timestamp-expiration ]\n", ""); printf("%12s[ -verbose ]\n\n", ""); } - exit(-1); } static void help_for(const char *argv0, const char *cmd) @@ -1406,7 +1405,8 @@ typedef enum { CMD_REMOVE, CMD_VERIFY, CMD_ADD, - CMD_ATTACH + CMD_ATTACH, + CMD_HELP } cmd_type_t; @@ -1507,7 +1507,7 @@ static SpcLink *get_page_hash_link(int phtype, char *indata, FILE_HEADER *header header->fileend, phtype, &phlen); if (!ph) { printf("Failed to calculate page hash\n"); - exit(-1); + return NULL; /* FAILED */ } tohex(ph, hexbuf, (phlen < 32) ? phlen : 32); printf("Calculated page hash : %s ...\n", hexbuf); @@ -1564,7 +1564,7 @@ static SpcLink *get_page_hash_link(int phtype, char *indata, FILE_HEADER *header return link; } -static void get_indirect_data_blob(u_char **blob, int *len, GLOBAL_OPTIONS *options, +static int get_indirect_data_blob(u_char **blob, int *len, GLOBAL_OPTIONS *options, FILE_HEADER *header, file_type_t type, char *indata) { u_char *p; @@ -1593,10 +1593,14 @@ static void get_indirect_data_blob(u_char **blob, int *len, GLOBAL_OPTIONS *opti SpcPeImageData *pid = SpcPeImageData_new(); ASN1_BIT_STRING_set(pid->flags, (unsigned char*)"0", 0); if (options->pagehash) { + SpcLink *link; phtype = NID_sha1; if (EVP_MD_size(options->md) > EVP_MD_size(EVP_sha1())) phtype = NID_sha256; - pid->file = get_page_hash_link(phtype, indata, header); + link = get_page_hash_link(phtype, indata, header); + if (!link) + return 0; /* FAILED */ + pid->file = link; } else { pid->file = get_obsolete_link(); } @@ -1623,7 +1627,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, GLOBAL_OPTIONS *opti SpcSipInfo_free(si); } else { printf("Unexpected file type: %d\n", type); - exit(1); + return 0; /* FAILED */ } idc->data->type = dtype; @@ -1645,6 +1649,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, GLOBAL_OPTIONS *opti i2d_SpcIndirectDataContent(idc, &p); SpcIndirectDataContent_free(idc); *len -= EVP_MD_size(options->md); + return 1; /* OK */ } static int set_signing_blob(PKCS7 *sig, BIO *hash, unsigned char *buf, int len) @@ -1728,7 +1733,8 @@ static int set_indirect_data_blob(PKCS7 *sig, BIO *hash, file_type_t type, u_char *p = NULL; int len = 0; - get_indirect_data_blob(&p, &len, options, header, type, indata); + if (!get_indirect_data_blob(&p, &len, options, header, type, indata)) + return 0; /* FAILED */ memcpy(buf, p, len); OPENSSL_free(p); if (!set_signing_blob(sig, hash, buf, len)) @@ -5450,9 +5456,10 @@ static cmd_type_t get_command(char **argv) if (!strcmp(argv[1], "--help")) { print_version(); help_for(argv[0], "all"); + return CMD_HELP; } else if (!strcmp(argv[1], "-v") || !strcmp(argv[1], "--version")) { print_version(); - exit(-1); + return CMD_HELP; } else if (!strcmp(argv[1], "sign")) return CMD_SIGN; else if (!strcmp(argv[1], "extract-signature")) @@ -5486,68 +5493,122 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS options->signing_time = INVALID_TIME; options->jp = -1; + if (*cmd == CMD_HELP) { + return 0; /* FAILED */ + } if (*cmd == CMD_VERIFY || *cmd == CMD_ATTACH) { options->cafile = get_cafile(); options->untrusted = get_cafile(); } for (argc--,argv++; argc >= 1; argc--,argv++) { if (!strcmp(*argv, "-in")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->infile = *(++argv); } else if (!strcmp(*argv, "-out")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->outfile = *(++argv); } else if (!strcmp(*argv, "-sigin")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->sigfile = *(++argv); } else if ((*cmd == CMD_SIGN) && (!strcmp(*argv, "-spc") || !strcmp(*argv, "-certs"))) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->certfile = *(++argv); } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-ac")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->xcertfile = *(++argv); } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-key")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->keyfile = *(++argv); } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs12")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->pkcs12file = *(++argv); } else if ((*cmd == CMD_EXTRACT) && !strcmp(*argv, "-pem")) { options->output_pkcs7 = 1; #ifndef OPENSSL_NO_ENGINE } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11cert")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->p11cert = *(++argv); } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11engine")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->p11engine = *(++argv); } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11module")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->p11module = *(++argv); #endif /* OPENSSL_NO_ENGINE */ } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-pass")) { - if (options->askpass || options->readpass) usage(argv0, "all"); - if (--argc < 1) usage(argv0, "all"); + if (options->askpass || options->readpass) { + usage(argv0, "all"); + return 0; /* FAILED */ + } + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->pass = OPENSSL_strdup(*(++argv)); memset(*argv, 0, strlen(*argv)); #ifdef PROVIDE_ASKPASS } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-askpass")) { - if (options->pass || options->readpass) usage(argv0, "all"); + if (options->pass || options->readpass) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->askpass = 1; #endif } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-readpass")) { - if (options->askpass || options->pass) usage(argv0, "all"); - if (--argc < 1) usage(argv0, "all"); + if (options->askpass || options->pass) { + usage(argv0, "all"); + return 0; /* FAILED */ + } + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->readpass = *(++argv); } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-comm")) { options->comm = 1; } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-ph")) { options->pagehash = 1; } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-n")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->desc = *(++argv); } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-h")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } ++argv; if (!strcmp(*argv, "md5")) { options->md = EVP_md5(); @@ -5561,22 +5622,38 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS options->md = EVP_sha512(); } else { usage(argv0, "all"); + return 0; /* FAILED */ } } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-i")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->url = *(++argv); } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "-st")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->signing_time = (time_t)strtoul(*(++argv), NULL, 10); #ifdef ENABLE_CURL } else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD) && !strcmp(*argv, "-t")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->turl[options->nturl++] = *(++argv); } else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD) && !strcmp(*argv, "-ts")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->tsurl[options->ntsurl++] = *(++argv); } else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD) && !strcmp(*argv, "-p")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->proxy = *(++argv); } else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD) && !strcmp(*argv, "-noverifypeer")) { options->noverifypeer = 1; @@ -5592,40 +5669,73 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS } else if ((*cmd == CMD_SIGN || *cmd == CMD_ADD || *cmd == CMD_ATTACH) && !strcmp(*argv, "-add-msi-dse")) { options->add_msi_dse = 1; } else if ((*cmd == CMD_VERIFY) && (!strcmp(*argv, "-c") || !strcmp(*argv, "-catalog"))) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->catalog = *(++argv); } else if ((*cmd == CMD_VERIFY || *cmd == CMD_ATTACH) && !strcmp(*argv, "-CAfile")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } OPENSSL_free(options->cafile); options->cafile = OPENSSL_strdup(*++argv); } else if ((*cmd == CMD_VERIFY || *cmd == CMD_ATTACH) && !strcmp(*argv, "-CRLfile")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->crlfile = OPENSSL_strdup(*++argv); } else if ((*cmd == CMD_VERIFY || *cmd == CMD_ATTACH) && !strcmp(*argv, "-CRLuntrusted")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->crluntrusted = OPENSSL_strdup(*++argv); } else if ((*cmd == CMD_VERIFY || *cmd == CMD_ATTACH) && !strcmp(*argv, "-untrusted")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } OPENSSL_free(options->untrusted); options->untrusted = OPENSSL_strdup(*++argv); } else if ((*cmd == CMD_VERIFY) && !strcmp(*argv, "-require-leaf-hash")) { - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } options->leafhash = (*++argv); } else if ((*cmd == CMD_ADD) && !strcmp(*argv, "--help")) { help_for(argv0, "add"); + *cmd = CMD_HELP; + return 0; /* FAILED */ } else if ((*cmd == CMD_ATTACH) && !strcmp(*argv, "--help")) { help_for(argv0, "attach-signature"); + *cmd = CMD_HELP; + return 0; /* FAILED */ } else if ((*cmd == CMD_EXTRACT) && !strcmp(*argv, "--help")) { help_for(argv0, "extract-signature"); + *cmd = CMD_HELP; + return 0; /* FAILED */ } else if ((*cmd == CMD_REMOVE) && !strcmp(*argv, "--help")) { help_for(argv0, "remove-signature"); + *cmd = CMD_HELP; + return 0; /* FAILED */ } else if ((*cmd == CMD_SIGN) && !strcmp(*argv, "--help")) { help_for(argv0, "sign"); + *cmd = CMD_HELP; + return 0; /* FAILED */ } else if ((*cmd == CMD_VERIFY) && !strcmp(*argv, "--help")) { help_for(argv0, "verify"); + *cmd = CMD_HELP; + return 0; /* FAILED */ } else if (!strcmp(*argv, "-jp")) { char *ap; - if (--argc < 1) usage(argv0, "all"); + if (--argc < 1) { + usage(argv0, "all"); + return 0; /* FAILED */ + } ap = *(++argv); for (i=0; ap[i]; i++) ap[i] = tolower((int)ap[i]); if (!strcmp(ap, "low")) { @@ -5635,7 +5745,10 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS } else if (!strcmp(ap, "high")) { options->jp = 2; } - if (options->jp != 0) usage(argv0, "all"); /* XXX */ + if (options->jp != 0) { /* XXX */ + usage(argv0, "all"); + return 0; /* FAILED */ + } } else { failarg = *argv; break; @@ -5669,6 +5782,7 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS if (failarg) printf("Unknown option: %s\n", failarg); usage(argv0, "all"); + return 0; /* FAILED */ } if ((*cmd == CMD_VERIFY || *cmd == CMD_ATTACH) && access(options->cafile, R_OK)) { @@ -5676,7 +5790,7 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS return 0; /* FAILED */ } - return 1; + return 1; /* OK */ } int main(int argc, char **argv) @@ -5913,8 +6027,8 @@ err_cleanup: free_options(&options); if (ret) ERR_print_errors_fp(stdout); - - printf(ret ? "Failed\n" : "Succeeded\n"); + if (cmd != CMD_HELP) + printf(ret ? "Failed\n" : "Succeeded\n"); return ret; }