lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 05 Dec 2013 08:32:50 -0500
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	Roberto Sassu <roberto.sassu@...ito.it>
Cc:	linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	linux-ima-devel@...ts.sourceforge.net, zohar@...ibm.com,
	d.kasatkin@...sung.com, james.l.morris@...cle.com
Subject: Re: [RFC][PATCH 4/4] ima: added support for new kernel cmdline
 parameter ima_template_fmt

On Thu, 2013-12-05 at 07:15 -0500, Mimi Zohar wrote:
> On Thu, 2013-12-05 at 09:49 +0100, Roberto Sassu wrote:
> > On 12/04/2013 10:05 PM, Mimi Zohar wrote:
> > > On Thu, 2013-11-07 at 15:00 +0100, Roberto Sassu wrote:

> > >> +static int __init ima_template_fmt_setup(char *str)
> > >> +{
> > >> +	int num_templates = ARRAY_SIZE(defined_templates);
> > >> +	char *str_ptr_start = str;
> > >> +	char *str_ptr_end = str_ptr_start;
> > >> +
> > >> +	if (ima_template)
> > >> +		return 1;
> > >> +
> > >> +	while (str_ptr_start != NULL) {
> > >> +		char field_id[IMA_TEMPLATE_FIELD_ID_MAX_LEN];
> > >> +		int len;
> > >> +
> > >> +		str_ptr_end = strpbrk(str_ptr_start, "|");
> > >> +		if (str_ptr_end == NULL)
> > >> +			len = str + strlen(str) - str_ptr_start;
> > >> +		else
> > >> +			len = str_ptr_end++ - str_ptr_start;
> > >> +
> > >> +		if (len >= IMA_TEMPLATE_FIELD_ID_MAX_LEN) {
> > >> +			pr_err("IMA: field too long, using template %s\n",
> > >> +			       CONFIG_IMA_DEFAULT_TEMPLATE);
> > >> +			return 1;
> > >> +		}
> > >> +
> > >> +		memcpy(field_id, str_ptr_start, len);
> > >> +		field_id[len] = '\0';
> > >> +		if (lookup_template_field(field_id) == NULL) {
> > >> +			pr_err("IMA: field '%s' not found, using template %s\n",
> > >> +			       field_id, CONFIG_IMA_DEFAULT_TEMPLATE);
> > >> +			return 1;
> > >> +		}
> > >> +
> > >> +		str_ptr_start = str_ptr_end;
> > >> +	}
> > >> +
> > >
> > > Roberto, looking this over again, I think this can be simplified by
> > > using strsep().
> > >
> > 
> > Hi Mimi
> > 
> > yes, the code can be simplified. However, I did not use strsep()
> > to avoid that this function modifies the kernel command line
> > (it replaces the passed separator character with '\0').
> > Since the custom format string is parsed again later, I also
> > have to revert changes made by strsep().
> 
> Somehow the code needs to be simplified and cleaned up.  For example,
> str_ptr_start/end need to be renamed to something simpler, like
> field/field_end or token/token_end. (Refer to Documentation/CodingStyle
> chapter 4 for variable naming style.)  Perhaps, instead of using
> strsep(), write a function to return a pointer to the field and field
> length.

Using lib/string.c:strcspn() might help.

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ