Resolve linking issues - ensuring cve-check-tool works with full RELRO

Ikey Doherty · Ikey Doherty · commit a9d366adb718 · 2015-08-07T15:54:13.000+01:00
This is currently the temporary path we'll use, as and when the packaging
implementations switch to plugins, we can drop the current callback mechanism,
abstract util.*, and query supported package types and then determine the
plugin we'll use for the lifetime of this operation.

Signed-off-by: Ikey Doherty &lt;michael.i.doherty@intel.com&gt;
diff --git a/src/library/cve-check-tool.h b/src/library/cve-check-tool.h
@@ -19,10 +19,21 @@
 
 #include "core.h"
 
+/**
+ * Distro implementations need to add packages to the interest list
+ * before we will check them for CVEs. This will actually call back to
+ * the self->examine function, and add the parsed package into the
+ * current list.
+ *
+ * @param path Full legal path to the source package
+ */
+ 
+typedef void (*cve_add_callback)(const char *);
+
 /**
  * Function to yield all applicable sources.
  */
-typedef void (*cve_locate_sources)(const char*, bool);
+typedef void (*cve_locate_sources)(const char*, bool, cve_add_callback);
 
 /**
  * Determine if a package has already patched a vulnerability
@@ -72,13 +83,3 @@ typedef struct CveCheckTool {
  * Remotely exploitable
  */
 #define ACCESS_VECTOR_NETWORK   "NETWORK"
-
-/**
- * Distro implementations need to add packages to the interest list
- * before we will check them for CVEs. This will actually call back to
- * the self->examine function, and add the parsed package into the
- * current list.
- *
- * @param path Full legal path to the source package
- */
-void cve_add_package(const char *path);
diff --git a/src/library/util.c b/src/library/util.c
@@ -32,14 +32,18 @@
 
 DEF_AUTOFREE(char, free)
 
-bool find_sources(const char *path, package_match_func match, bool recurse)
+bool find_sources(const char *path, package_match_func match, bool recurse, cve_add_callback cb)
 {
         struct stat st = {.st_ino = 0};
         bool ret = false;
         DIR *dir = NULL;
         struct dirent *ent = NULL;
         char *fullp = NULL;
 
+        if (!cb) {
+                return false;
+        }
+
         if (!match) {
                 return false;
         }
@@ -61,14 +65,14 @@ bool find_sources(const char *path, package_match_func match, bool recurse)
                                         goto end;
                                 }
                                 if (!(cve_is_dir(fullp) && !recurse)) {
-                                        find_sources(fullp, match, recurse);
+                                        find_sources(fullp, match, recurse, cb);
                                 }
                                 free(fullp);
                         }
                 }
         } else if (S_ISREG(st.st_mode)) {
                 if (match(path)) {
-                        cve_add_package(path);
+                        cb(path);
                 }
         }
 
diff --git a/src/library/util.h b/src/library/util.h
@@ -78,8 +78,9 @@ int64_t parse_xml_date(const char *date);
  * @param directory Base directory to recurse
  * @param match A function to determine "matching" source packages
  * @param recurse Whether we can recurse the given directory
+ * @param cb A callback to execute when we encounter a matching package
  */
-bool find_sources(const char *directory, package_match_func match, bool recurse);
+bool find_sources(const char *directory, package_match_func match, bool recurse, cve_add_callback cb);
 
 /**
  * Implemented in a *similar* fashion to how g_autoptr is intended to
diff --git a/src/main.c b/src/main.c
@@ -52,7 +52,7 @@ DEF_AUTOFREE(char, free)
 #define streq(x,y) strcmp(x,y) == 0
 
 
-static void cve_add_package_internal(struct source_package_t *pkg)
+void cve_add_package_internal(struct source_package_t *pkg)
 {
         GList *issues = NULL, *em = NULL;
         gchar *cur_id = NULL;
@@ -590,7 +590,7 @@ int main(int argc, char **argv)
                 /* Attempt to add a single package.. */
                 if (cve_is_dir(target)) {
                         /* Recurse.. */
-                        self->locate(target, true);
+                        self->locate(target, true, &cve_add_package);
                 } else {
                         cve_add_package(target);
                 }
@@ -677,7 +677,7 @@ int main(int argc, char **argv)
                                         goto cleanup;
                                 }
                         }
-                        self->locate(path, false);
+                        self->locate(path, false, &cve_add_package);
 clean:
                         free(buf);
                         buf = NULL;
diff --git a/src/packaging/eopkg.c b/src/packaging/eopkg.c
@@ -156,7 +156,7 @@ bool eopkg_is_package(const char *filename)
         return g_str_has_suffix((const gchar*)filename, "pspec.xml") || g_str_has_suffix((const gchar*)filename, "pspec_x86_64.xml");
 }
 
-void eopkg_locate_sources(const char *directory, bool recurse)
+void eopkg_locate_sources(const char *directory, bool recurse, cve_add_callback cb)
 {
-        find_sources(directory, &eopkg_is_package, recurse);
+        find_sources(directory, &eopkg_is_package, recurse, cb);
 }
diff --git a/src/packaging/eopkg.h b/src/packaging/eopkg.h
@@ -24,6 +24,6 @@ struct source_package_t *eopkg_inspect_pspec(const char *filename);
 bool eopkg_is_patched(struct source_package_t *pkg, char *id);
 bool eopkg_is_ignored(struct source_package_t *pkg, char *id);
 
-void eopkg_locate_sources(const char *directory, bool recurse);
+void eopkg_locate_sources(const char *directory, bool recurse, cve_add_callback cb);
 
 bool eopkg_is_package(const char *filename);
diff --git a/src/packaging/pkgbuild.c b/src/packaging/pkgbuild.c
@@ -111,7 +111,7 @@ bool pkgbuild_is_package(const char *filename)
         return g_str_has_suffix((const gchar*)filename, "PKGBUILD");
 }
 
-void pkgbuild_locate_sources(const char *directory, bool recurse)
+void pkgbuild_locate_sources(const char *directory, bool recurse, cve_add_callback cb)
 {
-        find_sources(directory, &pkgbuild_is_package, recurse);
+        find_sources(directory, &pkgbuild_is_package, recurse, cb);
 }
diff --git a/src/packaging/pkgbuild.h b/src/packaging/pkgbuild.h
@@ -23,6 +23,6 @@ struct source_package_t *pkgbuild_inspect_spec(const char *filename);
 
 bool pkgbuild_is_patched(struct source_package_t *pkg, char *id);
 
-void pkgbuild_locate_sources(const char *directory, bool recurse);
+void pkgbuild_locate_sources(const char *directory, bool recurse, cve_add_callback cb);
 
 bool pkgbuild_is_package(const char *filename);
diff --git a/src/packaging/rpm.c b/src/packaging/rpm.c
@@ -330,7 +330,7 @@ bool rpm_is_package(const char *filename)
         return g_str_has_suffix((const gchar*)filename, ".spec");
 }
 
-void rpm_locate_sources(const char *directory, bool recurse)
+void rpm_locate_sources(const char *directory, bool recurse, cve_add_callback cb)
 {
-        find_sources(directory, &rpm_is_package, recurse);
+        find_sources(directory, &rpm_is_package, recurse, cb);
 }
diff --git a/src/packaging/rpm.h b/src/packaging/rpm.h
@@ -39,6 +39,6 @@ bool srpm_is_ignored(struct source_package_t *t, char *id);
 bool rpm_is_patched(struct source_package_t *pkg, char *id);
 bool rpm_is_ignored(struct source_package_t *pkg, char *id);
 
-void rpm_locate_sources(const char *directory, bool recurse);
+void rpm_locate_sources(const char *directory, bool recurse, cve_add_callback cb);
 
 bool rpm_is_package(const char *filename);
diff --git a/src/update-main.c b/src/update-main.c
@@ -48,13 +48,6 @@ static GOptionEntry _entries[] = {
         { .short_name = 0 }
 };
 
-/**
- * TODO: Remove these symbol issues by further refactoring
- */
-void cve_add_package(__attribute__ ((unused)) const char *path)
-{
-}
-
 /**
  * Main entry.
  */
diff --git a/tests/check-core.c b/tests/check-core.c
@@ -23,14 +23,6 @@
 
 #include "config.h"
 
-/**
- * Kept here as a no-op for now (linking)
- */
-void cve_add_package(__attribute__((unused)) const char *path)
-{
-
-}
-
 /**
  * Ensure parse_xml_date works
  */
diff --git a/tests/check-database.c b/tests/check-database.c
@@ -25,13 +25,6 @@
 
 #include "config.h"
 
-/**
- * Kept here as a no-op for now (linking)
- */
-void cve_add_package(__attribute__((unused)) const char *path)
-{
-}
-
 START_TEST(cve_database_new)
 {
         CveDB *db = NULL;
diff --git a/tests/check-jira-plugin.c b/tests/check-jira-plugin.c
@@ -36,14 +36,6 @@ bool file_exists(const gchar *path)
         return((access(path,F_OK) != -1));
 }
 
-/**
- * Kept here as a no-op for now (linking)
- */
-void cve_add_package(__attribute__((unused)) const char *path)
-{
-
-}
-
 /* Check the plugin init function which includes parsing the config file */
 START_TEST(cve_jira_plugin_init_function)
 {
diff --git a/tests/check-packaging.c b/tests/check-packaging.c
@@ -25,9 +25,6 @@
 
 static int add_count = 0;
 
-/**
- * Kept here as a no-op for now (linking)
- */
 void cve_add_package(__attribute__((unused)) const char *path)
 {
         add_count++;
@@ -187,15 +184,15 @@ START_TEST(cve_packaging_test)
         fail_if(t != PACKAGE_TYPE_UNKNOWN, "Incorrect unknown package type detection");
 
         add_count = 0;
-        eopkg_locate_sources(TOP_DIR "/tests/dummy_data/eopkg", true);
+        eopkg_locate_sources(TOP_DIR "/tests/dummy_data/eopkg", true, &cve_add_package);
         fail_if(add_count != 1, "Failed to locate eopkg sources");
 
         add_count = 0;
-        rpm_locate_sources(TOP_DIR "/tests/dummy_data/rpm", true);
+        rpm_locate_sources(TOP_DIR "/tests/dummy_data/rpm", true, &cve_add_package);
         fail_if(add_count != 2, "Failed to locate RPM sources");
 
         add_count = 0;
-        pkgbuild_locate_sources(TOP_DIR "/tests/dummy_data/pkgbuild", true);
+        pkgbuild_locate_sources(TOP_DIR "/tests/dummy_data/pkgbuild", true, &cve_add_package);
         fail_if(add_count != 1, "Failed to locate PKGBUILD sources");
 }
 END_TEST
diff --git a/tests/check-template.c b/tests/check-template.c
@@ -18,14 +18,6 @@
 
 #include "config.h"
 
-/**
- * Kept here as a no-op for now (linking)
- */
-void cve_add_package(__attribute__((unused)) const char *path)
-{
-
-}
-
 START_TEST(cve_template_basic)
 {
         gchar *ret = NULL;

Original file line number	Diff line number	Diff line change
`@@ -32,14 +32,18 @@`
`32`	`32`
`33`	`33`	`DEF_AUTOFREE(char, free)`
`34`	`34`
`35`		`-bool find_sources(const char *path, package_match_func match, bool recurse)`
	`35`	`+bool find_sources(const char *path, package_match_func match, bool recurse, cve_add_callback cb)`
`36`	`36`	`{`
`37`	`37`	`struct stat st = {.st_ino = 0};`
`38`	`38`	`bool ret = false;`
`39`	`39`	`DIR *dir = NULL;`
`40`	`40`	`struct dirent *ent = NULL;`
`41`	`41`	`char *fullp = NULL;`
`42`	`42`
	`43`	`+ if (!cb) {`
	`44`	`+ return false;`
	`45`	`+ }`
	`46`	`+`
`43`	`47`	`if (!match) {`
`44`	`48`	`return false;`
`45`	`49`	`}`
`@@ -61,14 +65,14 @@ bool find_sources(const char *path, package_match_func match, bool recurse)`
`61`	`65`	`goto end;`
`62`	`66`	`}`
`63`	`67`	`if (!(cve_is_dir(fullp) && !recurse)) {`
`64`		`- find_sources(fullp, match, recurse);`
	`68`	`+ find_sources(fullp, match, recurse, cb);`
`65`	`69`	`}`
`66`	`70`	`free(fullp);`
`67`	`71`	`}`
`68`	`72`	`}`
`69`	`73`	`} else if (S_ISREG(st.st_mode)) {`
`70`	`74`	`if (match(path)) {`
`71`		`- cve_add_package(path);`
	`75`	`+ cb(path);`
`72`	`76`	`}`
`73`	`77`	`}`
`74`	`78`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ DEF_AUTOFREE(char, free)`
`52`	`52`	`#define streq(x,y) strcmp(x,y) == 0`
`53`	`53`
`54`	`54`
`55`		`-static void cve_add_package_internal(struct source_package_t *pkg)`
	`55`	`+void cve_add_package_internal(struct source_package_t *pkg)`
`56`	`56`	`{`
`57`	`57`	`GList issues = NULL, em = NULL;`
`58`	`58`	`gchar *cur_id = NULL;`
`@@ -590,7 +590,7 @@ int main(int argc, char **argv)`
`590`	`590`	`/* Attempt to add a single package.. */`
`591`	`591`	`if (cve_is_dir(target)) {`
`592`	`592`	`/* Recurse.. */`
`593`		`- self->locate(target, true);`
	`593`	`+ self->locate(target, true, &cve_add_package);`
`594`	`594`	`} else {`
`595`	`595`	`cve_add_package(target);`
`596`	`596`	`}`
`@@ -677,7 +677,7 @@ int main(int argc, char **argv)`
`677`	`677`	`goto cleanup;`
`678`	`678`	`}`
`679`	`679`	`}`
`680`		`- self->locate(path, false);`
	`680`	`+ self->locate(path, false, &cve_add_package);`
`681`	`681`	`clean:`
`682`	`682`	`free(buf);`
`683`	`683`	`buf = NULL;`
Original file line number	Diff line number	Diff line change
`@@ -156,7 +156,7 @@ bool eopkg_is_package(const char *filename)`
`156`	`156`	`return g_str_has_suffix((const gchar)filename, "pspec.xml") \|\| g_str_has_suffix((const gchar)filename, "pspec_x86_64.xml");`
`157`	`157`	`}`
`158`	`158`
`159`		`-void eopkg_locate_sources(const char *directory, bool recurse)`
	`159`	`+void eopkg_locate_sources(const char *directory, bool recurse, cve_add_callback cb)`
`160`	`160`	`{`
`161`		`- find_sources(directory, &eopkg_is_package, recurse);`
	`161`	`+ find_sources(directory, &eopkg_is_package, recurse, cb);`
`162`	`162`	`}`
Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ bool pkgbuild_is_package(const char *filename)`
`111`	`111`	`return g_str_has_suffix((const gchar*)filename, "PKGBUILD");`
`112`	`112`	`}`
`113`	`113`
`114`		`-void pkgbuild_locate_sources(const char *directory, bool recurse)`
	`114`	`+void pkgbuild_locate_sources(const char *directory, bool recurse, cve_add_callback cb)`
`115`	`115`	`{`
`116`		`- find_sources(directory, &pkgbuild_is_package, recurse);`
	`116`	`+ find_sources(directory, &pkgbuild_is_package, recurse, cb);`
`117`	`117`	`}`
Original file line number	Diff line number	Diff line change
`@@ -330,7 +330,7 @@ bool rpm_is_package(const char *filename)`
`330`	`330`	`return g_str_has_suffix((const gchar*)filename, ".spec");`
`331`	`331`	`}`
`332`	`332`
`333`		`-void rpm_locate_sources(const char *directory, bool recurse)`
	`333`	`+void rpm_locate_sources(const char *directory, bool recurse, cve_add_callback cb)`
`334`	`334`	`{`
`335`		`- find_sources(directory, &rpm_is_package, recurse);`
	`335`	`+ find_sources(directory, &rpm_is_package, recurse, cb);`
`336`	`336`	`}`