Re: [PATCH v1 1/9] certs: Fix blacklisted hexadecimal hash string check

Mickaël Salaün <mic@xxxxxxxxxxx> wrote:

> When looking for a blacklisted hash, bin2hex() is used to transform a
> binary hash to an ascii (lowercase) hexadecimal string.  This string is
> then searched for in the description of the keys from the blacklist
> keyring.  When adding a key to the blacklist keyring,
> blacklist_vet_description() checks the hash prefix and the hexadecimal
> string, but not that this string is lowercase.  It is then valid to set
> hashes with uppercase hexadecimal, which will be silently ignored by the
> kernel.
> 
> Add an additional check to blacklist_vet_description() to check that
> hexadecimal strings are in lowercase.

I wonder if it would be a better idea to allow the keyring type to adjust the
description string - in this instance to change it to all lowercase.

David
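
Added example, not part of the thread or the kernel source: a userspace C sketch of the two options discussed above, rejecting uppercase hex at add time (the patch) versus folding it to lowercase (the reply's suggestion). The function names are hypothetical, the hash bytes are constructed, and only the hexadecimal part of the description is handled, not the hash prefix.

```c
#include <ctype.h>
#include <string.h>

/* Patch's approach: accept only non-empty, even-length, lowercase hex. */
static int vet_lowercase_hex(const char *hex)
{
    size_t n = 0;
    for (; hex[n]; n++)
        if (!isxdigit((unsigned char)hex[n]) || isupper((unsigned char)hex[n]))
            return -1;
    return (n == 0 || (n & 1)) ? -1 : 0;
}

/* Reply's suggestion: fold the hex to lowercase in place before storing. */
static int normalize_hex(char *hex)
{
    size_t n = 0;
    for (; hex[n]; n++) {
        if (!isxdigit((unsigned char)hex[n]))
            return -1;
        hex[n] = (char)tolower((unsigned char)hex[n]);
    }
    return (n == 0 || (n & 1)) ? -1 : 0;
}

/* Lookup as the commit message describes it: the binary hash is rendered
 * as lowercase hex (what bin2hex() produces) and compared byte for byte. */
static int hash_matches(const char *stored, const unsigned char *hash, size_t len)
{
    static const char digits[] = "0123456789abcdef";
    char buf[2 * 64 + 1];               /* hashes up to 64 bytes */
    if (len > 64)
        return 0;
    for (size_t i = 0; i < len; i++) {
        buf[2 * i] = digits[hash[i] >> 4];
        buf[2 * i + 1] = digits[hash[i] & 0x0f];
    }
    buf[2 * len] = '\0';
    return strcmp(stored, buf) == 0;
}

int main(void)
{
    char s[] = "ABCD01EF";              /* constructed uppercase entry */
    const unsigned char h[] = {0xab, 0xcd, 0x01, 0xef};
    /* Exit status 0: rejected by the vet, missed by lookup, found once folded. */
    return !(vet_lowercase_hex(s) == -1 && !hash_matches(s, h, 4) &&
             normalize_hex(s) == 0 && hash_matches(s, h, 4));
}
```

Either option closes the gap in which an uppercase entry is stored but can never match a lookup; they differ only in whether the user sees an error or a silently corrected description.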