| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Apr 2022 11:29:08 +0100
From: David Howells <dhowells@...hat.com>
To: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= <mic@...ikod.net>
Cc: dhowells@...hat.com, David Woodhouse <dwmw2@...radead.org>,
Jarkko Sakkinen <jarkko@...nel.org>,
"David S . Miller" <davem@...emloft.net>,
Eric Snowberg <eric.snowberg@...cle.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
James Morris <jmorris@...ei.org>,
=?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?=
<mic@...ux.microsoft.com>, Mimi Zohar <zohar@...ux.ibm.com>,
"Serge E . Hallyn" <serge@...lyn.com>,
Tyler Hicks <tyhicks@...ux.microsoft.com>,
keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: Re: [PATCH v7 3/5] certs: Make blacklist_vet_description() more strict
Mickaël Salaün <mic@...ikod.net> wrote:
> + /* The following algorithm only works if prefix lengths match. */
> + BUILD_BUG_ON(sizeof(tbs_prefix) != sizeof(bin_prefix));
> + prefix_len = sizeof(tbs_prefix) - 1;
> + for (i = 0; *desc; desc++, i++) {
> + if (*desc == ':') {
> + if (tbs_step == prefix_len)
> + goto found_colon;
> + if (bin_step == prefix_len)
> + goto found_colon;
> + return -EINVAL;
> + }
> + if (i >= prefix_len)
> + return -EINVAL;
> + if (*desc == tbs_prefix[i])
> + tbs_step++;
> + if (*desc == bin_prefix[i])
> + bin_step++;
> + }
I wonder if:
static const char tbs_prefix[] = "tbs:";
static const char bin_prefix[] = "bin:";
if (strncmp(desc, tbs_prefix, sizeof(tbs_prefix) - 1) == 0 ||
strncmp(desc, bin_prefix, sizeof(bin_prefix) - 1) == 0)
goto found_colon;
might be better.
David
Powered by blists - more mailing lists