Re: [PATCH v7 3/5] certs: Make blacklist_vet_description() more strict

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 20, 2022 at 11:29:08AM +0100, David Howells wrote:
> Mickaël Salaün <mic@xxxxxxxxxxx> wrote:
> 
> > +	/* The following algorithm only works if prefix lengths match. */
> > +	BUILD_BUG_ON(sizeof(tbs_prefix) != sizeof(bin_prefix));
> > +	prefix_len = sizeof(tbs_prefix) - 1;
> > +	for (i = 0; *desc; desc++, i++) {
> > +		if (*desc == ':') {
> > +			if (tbs_step == prefix_len)
> > +				goto found_colon;
> > +			if (bin_step == prefix_len)
> > +				goto found_colon;
> > +			return -EINVAL;
> > +		}
> > +		if (i >= prefix_len)
> > +			return -EINVAL;
> > +		if (*desc == tbs_prefix[i])
> > +			tbs_step++;
> > +		if (*desc == bin_prefix[i])
> > +			bin_step++;
> > +	}
> 
> I wonder if:
> 
> 	static const char tbs_prefix[] = "tbs:";
> 	static const char bin_prefix[] = "bin:";
> 
> 	if (strncmp(desc, tbs_prefix, sizeof(tbs_prefix) - 1) == 0 ||
> 	    strncmp(desc, bin_prefix, sizeof(bin_prefix) - 1) == 0)
> 		goto found_colon;
> 
> might be better.
> 
> David

I think it'd be. 

BR, Jarkko



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux