| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220311072339.41306-1-chenjingwen6@huawei.com>
Date: Fri, 11 Mar 2022 15:23:39 +0800
From: Chen Jingwen <chenjingwen6@...wei.com>
To: Chen Jingwen <chenjingwen6@...wei.com>,
"linux-kernel @ vger . kernel . org" <linux-kernel@...r.kernel.org>,
"keyrings @ vger . kernel . org" <keyrings@...r.kernel.org>,
Mehmet Kayaalp <mkayaalp@...ux.vnet.ibm.com>,
David Howells <dhowells@...hat.com>,
Mimi Zohar <zohar@...ux.vnet.ibm.com>,
James Morris <jmorris@...ei.org>,
"Serge E . Hallyn" <serge@...lyn.com>
Subject: strncmp might be wrong used in insert-sys-cert.c
Hi, All.
When I scanned scripts/insert-sys-cert.c, I encounter that
> strncmp(cert_sym.content, cert, cert_size) == 0) {
> warn("Certificate was already inserted.\n");
> exit(EXIT_SUCCESS);
strncmp will stop if it sees b'\0'. I think should use memcmp here.
For example, we have two _different_ certificates,
one was already inserted and another one is being processed by insert-sys-cert.
In case both certificates start with the same and follow a '\0',
another new one won't be overridden, which is not expected, right?
Chen Jingwen
Powered by blists - more mailing lists