[systemd-devel] [PATCH 6/6] Add SHA1 hash sum to coredump report

Lennart Poettering lennart at poettering.net
Tue Feb 12 18:24:05 PST 2013


On Tue, 12.02.13 01:14, Oleksii Shevchuk (alxchk at gmail.com) wrote:

>  static int submit_process_core(struct iovec iovec[15], int idx,
>                                 const char * comm,
>                                 const int journal)
> @@ -61,6 +72,10 @@ static int submit_process_core(struct iovec iovec[15], int idx,
>          _cleanup_free_   char * corelink = NULL;
>          _cleanup_free_   char * t = NULL;
>  
> +#if defined(HAVE_GCRYPT)
> +        _cleanup_free_   char * h = NULL;
> +#endif
> +
>          if (journal) {
>                  mkdir_p_label("/var/lib/systemd/coredump", 0755);
>                  corelink = strdup("/var/lib/systemd/coredump/core.systemd-journald");
> @@ -152,6 +167,17 @@ journal:
>                          log_debug("chmod %s: %s", corepath, strerror(errno));
>                  }
>  
> +#if defined(HAVE_GCRYPT)
> +                __attribute__((cleanup(gcry_md_closep)))
> +                        gcry_md_hd_t HD;

Hmm, we try to avoid using gcc intrinsics directly, we always use macros
for that. But for particular cases like this it's probably better to not
use the cleanup stuff at all, rather than using a use-once macro. Just
clean up this thing in some "finish" label thingy.

> +                gcry_error_t gr = gcry_md_open (&HD, GCRY_MD_SHA1,
> 0);

Coding style. It's "foo()" rather than "foo ()".

> +                if (gr != GPG_ERR_NO_ERROR) {
> +                        log_error("Failed to initialize gcrypt hash context: %s",
> +                                  gpg_strerror(gr));
> +                        goto finish;
> +                }
> +#endif
> +
>                  for (;;) {
>                          uint8_t buffer[4096];
>                          size_t l, q;
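
Review bot: The gcry_md_open() failure branch does `goto finish` without assigning `r`, while the later failure branches in this patch set `r = log_oom()` first, so on this path the function presumably returns whatever `r` held before. Assign an error code here, or decide that a missing hash should not abort the coredump submission and just skip the field. Separately, `HD` carries a cleanup handler but is declared without an initializer; giving it a defined initial value keeps the handler from ever seeing an indeterminate handle.
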
> @@ -171,6 +197,9 @@ journal:
>                                  log_error("Failed to write coredump: %m");
>                                  goto finish;
>                          }
> +#if defined(HAVE_GCRYPT)
> +                        gcry_md_write(HD, buffer, l);
> +#endif
>                  }
>  
>                  fflush(corefile);
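
Review bot: This is the third `#if defined(HAVE_GCRYPT)` block placed in the body of submit_process_core(), here inside the copy loop. Consider moving the open, write and read calls into small static helpers that compile to no-ops without gcrypt, so the loop stays readable and the conditional lives in one place.
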
> @@ -190,6 +219,25 @@ journal:
>                  t = strjoin("COREDUMP_FILE=coredump/", corelink, NULL);
>                  if (t)
>                          IOVEC_SET_STRING(iovec[idx ++], t);
> +
> +#if defined(HAVE_GCRYPT)
> +                char * bh = hexstr(gcry_md_read(HD, GCRY_MD_SHA1),
>                  20);

Given the existing doubts about SHA1: if you already use a cryptographic
hash, maybe use SHA256 instead?

> +
> +                if (! bh) {
> +                        r = log_oom();
> +                        goto finish;
> +                }
> +
> +                h = strjoin("COREDUMP_FILE_SHA1=", bh, NULL);
> +                free(bh);
> +
> +                if (! h) {
> +                        r = log_oom();
> +                        goto finish;
> +                }
> +
> +                IOVEC_SET_STRING(iovec[idx ++], h);
> +#endif
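
Review bot: `IOVEC_SET_STRING(iovec[idx ++], h)` appends one more field to an array the function signature declares as `struct iovec iovec[15]`, and nothing visible in this patch enlarges it or checks `idx` against that bound; please confirm the caller still has a free slot when gcrypt is enabled. Also, the digest length is hard-coded as 20 in the hexstr() call and the result of gcry_md_read() is passed on unchecked. gcry_md_get_algo_dlen() would supply the length for whichever algorithm is selected, and a NULL check before hexstr() would make that failure explicit.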

Lennart

-- 
Lennart Poettering - Red Hat, Inc.

