Re: [PATCH v1 1/9] certs: Fix blacklisted hexadecimal hash string check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mickaël Salaün <mic@xxxxxxxxxxx> wrote:

> When looking for a blacklisted hash, bin2hex() is used to transform a
> binary hash to an ascii (lowercase) hexadecimal string.  This string is
> then search for in the description of the keys from the blacklist
> keyring.  When adding a key to the blacklist keyring,
> blacklist_vet_description() checks the hash prefix and the hexadecimal
> string, but not that this string is lowercase.  It is then valid to set
> hashes with uppercase hexadecimal, which will be silently ignored by the
> kernel.
> 
> Add an additional check to blacklist_vet_description() to check that
> hexadecimal strings are in lowercase.

I wonder if it would be a better idea to allow the keyring type to adjust the
description string - in this instance to change it to all lowercase.

David





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux