| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aKpV5fk5X-plntzk@kernel.org>
Date: Sun, 24 Aug 2025 02:59:33 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: David Howells <dhowells@...hat.com>
Cc: keyrings@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/7] request-key: Fix mishandling of last line of config
file
On Fri, Aug 22, 2025 at 03:22:09PM +0100, David Howells wrote:
> Fix mishandling of the config file by /sbin/request-key whereby the last
> line of a file, if it is lacking a newline, will trim off the last
> character and then try and use that. Return an error instead if we find a
> line without a newline char at the end.
>
> Signed-off-by: David Howells <dhowells@...hat.com>
> ---
> request-key.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/request-key.c b/request-key.c
> index bf47c0a..d1feec3 100644
> --- a/request-key.c
> +++ b/request-key.c
> @@ -367,6 +367,8 @@ static void scan_conf_file(struct parameters *params, int dirfd, const char *con
> /* ignore blank lines and comments */
> if (len == 1 || buf[0] == '#' || isspace(buf[0]))
> continue;
> + if (len == 0 || buf[len - 1] != '\n')
> + line_error("Line missing newline\n");
>
> buf[--len] = 0;
> p = buf;
>
Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>
Looks good to me. And the next question is not directly related to
this patch per se.
Just a hypothetical question. What if for spurious reasons the config
file would have carriage returns?
BR, Jarkko
Powered by blists - more mailing lists