From d8214b522a3cc72cd4639a1dd114103a02e9218c Mon Sep 17 00:00:00 2001
From: Vladimir Stoiakin
Date: Tue, 6 May 2025 15:03:58 +0300
Subject: [PATCH] unl0kr-agent: check exit code of a child process
If the call to execv() is failed (/usr/bin/unl0kr is absent, for example), the child process will exit with EXIT_FAILURE. But since the agent does not check the exit code, it will not notice the problem and will return an empty password to systemd. When the password is used to unlock a PKCS#11 or FIDO2 token, we can waste a limited number of tries or lock the token entirely. The patch adds a check to avoid this sutuation.
---
 unl0kr/unl0kr-agent.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/unl0kr/unl0kr-agent.c b/unl0kr/unl0kr-agent.c
index 9e22274..4598422 100644
--- a/unl0kr/unl0kr-agent.c
+++ b/unl0kr/unl0kr-agent.c
@@ -458,9 +458,9 @@ int exec_unl0kr(char** ret_password)
 goto exit2;
 }
- if (!WIFEXITED(status)) {
+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
 ret = ECHILD;
- fprintf(stderr, "unl0kr terminated abnormally\n");
+ fprintf(stderr, "unl0kr is failed\n");
 goto exit2;
 }
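Review bot: The new message `unl0kr is failed` in the rewritten branch now covers both a signal-terminated child and a non-zero exit, so the log no longer tells an operator which of the two happened or what the status was. Printing the raw wait status keeps the single branch and preserves that detail, e.g. `fprintf(stderr, "unl0kr failed (wait status 0x%x)\n", (unsigned)status);`. Since the commit's goal is to avoid spending PKCS#11/FIDO2 retry attempts on a bogus password, it is also worth confirming that an empty password read after a zero exit status is rejected before it is returned to systemd; that path is not visible in this hunk. exec_unl0kr's body starts and ends outside the hunk.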