On Thu, Jan 14, 2021 at 04:19:01PM +0100, Mickaël Salaün wrote: > From: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx> > > When looking for a blacklisted hash, bin2hex() is used to transform a > binary hash to an ascii (lowercase) hexadecimal string. This string is > then search for in the description of the keys from the blacklist > keyring. When adding a key to the blacklist keyring, > blacklist_vet_description() checks the hash prefix and the hexadecimal > string, but not that this string is lowercase. It is then valid to set > hashes with uppercase hexadecimal, which will be silently ignored by the > kernel. > > Add an additional check to blacklist_vet_description() to check that > hexadecimal strings are in lowercase. > > Cc: David Woodhouse <dwmw2@xxxxxxxxxxxxx> > Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx> > Signed-off-by: David Howells <dhowells@xxxxxxxxxx> > Reviewed-by: Ben Boeckel <mathstuf@xxxxxxxxx> > --- > > Changes since v2: > * Cherry-pick v1 patch from > https://lore.kernel.org/lkml/2659836.1607940186@xxxxxxxxxxxxxxxxxxxxxx/ > to rebase on v5.11-rc3. > * Rearrange Cc order. > --- > certs/blacklist.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/certs/blacklist.c b/certs/blacklist.c > index 2719fb2fbc1c..a888b934a1cd 100644 > --- a/certs/blacklist.c > +++ b/certs/blacklist.c > @@ -37,7 +37,7 @@ static int blacklist_vet_description(const char *desc) > found_colon: > desc++; > for (; *desc; desc++) { > - if (!isxdigit(*desc)) > + if (!isxdigit(*desc) || isupper(*desc)) > return -EINVAL; > n++; > } > -- > 2.30.0 > Shouldn't this rather convert the upper case to lower case? I don't like the ABI break that this causes. /Jarkko
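Review bot: the new `|| isupper(*desc)` test in the loop after `found_colon:` carries no comment saying why uppercase is refused, and the reason is not visible in this function. The commit message explains that lookups compare against bin2hex() output, which is always lowercase. A one-line comment above the check saying so would stop a later cleanup from dropping it as redundant with `isxdigit(*desc)`. On the conversion question raised in the reply: the hunk header shows the parameter as `const char *desc`, so this function cannot lowercase the string in place. Normalising would have to happen before the description is stored, outside the lines shown here. With the check as posted, an uppercase hash that was previously accepted and then never matched now fails with `-EINVAL` at add time. The commit message should state that behaviour change for existing callers explicitly.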