Re: [RFC PATCH v3 05/13] clavis: Introduce a new key type called clavis_key_acl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Oct 18, 2024, at 10:55 AM, Ben Boeckel <me@xxxxxxxxxxxxxx> wrote:
> 
> On Fri, Oct 18, 2024 at 15:42:15 +0000, Eric Snowberg wrote:
>> 
>> This was done incase the end-user has a trailing carriage return at the
>> end of their ACL. I have updated the comment as follows:
>> 
>> +       /*
>> +        * Copy the user supplied contents, if uppercase is used, convert it to
>> +        * lowercase.  Also if the end of the ACL contains any whitespace, strip
>> +        * it out.
>> +        */
> 
> Well, this doesn't check the end for whitespace; any internal whitespace
> will terminate the key:
> 
>    DEAD BEEF
>        ^ becomes NUL
> 
> and results in the same thing as `DEAD` being passed.

Originally I was thinking I could extract and fix up the data in pkcs7_preparse_content,
later when key_acl_vet_description gets called do the validation. But I see 
your point that it is possible there could be a valid ACL, followed by a space and
some other data, which should trigger an invalid response.  I'll take care of this in
the next round too.  I'll also add a Kunit test for this one. Thanks.





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux