On Thu, Jan 14, 2021 at 04:19:05PM +0100, Mickaël Salaün wrote: > From: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx> > > Before exposing this new key type to user space, make sure that only > meaningful blacklisted hashes are accepted. This is also checked for > builtin blacklisted hashes, but a following commit make sure that the > user will notice (at built time) and will fix the configuration if it > already included errors. > > Check that a blacklist key description starts with a valid prefix and > then a valid hexadecimal string. > > Cc: David Howells <dhowells@xxxxxxxxxx> > Cc: David Woodhouse <dwmw2@xxxxxxxxxxxxx> > Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx> > Acked-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx> In this I'm not as worried about ABI, i.e. you don't have any reason supply any other data, which doesn't follow these ruels, whereas there could very well be a script that does format hex "incorrectly". /Jarkko
