From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 24 Oct 2023 20:54:39 +0000 (+0200)
Subject: cryptenroll: validate positional arguments before looking at detail parameters
X-Git-Tag: v255-rc1~144^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F29695%2Fhead;p=thirdparty%2Fsystemd.git

cryptenroll: validate positional arguments before looking at detail parameters

Let's switch the order in which we process positional arguments and
analyze/tweak detail parameters. Let's look at the positional arguments
first (i.e. the "big picture") and then look at the switches (i.e.
"little details").

THis doesn't matter much, but makes for better error messages I think.
At least I was very confused that a completely borked cmdline I passed
to cryptenrolled complained about some detail and let the major fuckup
pass...
---

diff --git a/src/cryptenroll/cryptenroll.c b/src/cryptenroll/cryptenroll.c
index 4362e435294..174247907da 100644
--- a/src/cryptenroll/cryptenroll.c
+++ b/src/cryptenroll/cryptenroll.c
@@ -474,6 +474,18 @@ static int parse_argv(int argc, char *argv[]) {
                 }
         }
 
+        if (optind >= argc)
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                       "No block device node specified, refusing.");
+
+        if (argc > optind+1)
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                       "Too many arguments, refusing.");
+
+        r = parse_path_argument(argv[optind], false, &arg_node);
+        if (r < 0)
+                return r;
+
         if (arg_enroll_type == ENROLL_FIDO2) {
 
                 if (arg_unlock_type == UNLOCK_FIDO2 && !(arg_fido2_device && arg_unlock_fido2_device))
@@ -488,18 +500,6 @@ static int parse_argv(int argc, char *argv[]) {
                 }
         }
 
-        if (optind >= argc)
-                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                       "No block device node specified, refusing.");
-
-        if (argc > optind+1)
-                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                       "Too many arguments, refusing.");
-
-        r = parse_path_argument(argv[optind], false, &arg_node);
-        if (r < 0)
-                return r;
-
         if (auto_public_key_pcr_mask && arg_tpm2_public_key) {
                 assert(arg_tpm2_public_key_pcr_mask == 0);
                 arg_tpm2_public_key_pcr_mask = INDEX_TO_MASK(uint32_t, TPM2_PCR_KERNEL_BOOT);