On Fri, Sep 23, 2022 at 03:23:43PM -0700, Evan Green wrote:
> On Tue, Sep 20, 2022 at 4:16 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> > On Tue, Aug 23, 2022 at 03:25:23PM -0700, Evan Green wrote:
> > > [...]
> > > + ret = key_instantiate_and_link(key, keyinfo, strlen(keyinfo) + 1, NULL,
> > > + NULL);
> >
> > You want to keep the trailing NUL byte here so it's easier to read back
> > later? Reading it back will need to verify the trailing NUL regardless.
> > (Does this get read back?)
>
> Are you referring to the trailing NUL on keyinfo? The keyinfo string
> is only used within this function, as key_instantiate_and_link()
> receives it as a parameter string. I can see that
> trusted_instantiate() also null-terminates the buffer defensively for
> itself, but it still seemed prudent to hand in a terminated string. I
> can remove the + 1 if you think it's better.

No, I like having the trailing NUL byte -- it seems more robust that way.
I just wanted to understand who the consumer was going to be. I'm clear
now; thank you! :)

-- 
Kees Cook
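Review bot: The length argument `strlen(keyinfo) + 1` in the quoted hunk intentionally includes the trailing NUL, and since the thread establishes that the consumer, trusted_instantiate(), also NUL-terminates its copy defensively, the extra byte is harmless and makes the handed-in buffer self-terminating; keep the `+ 1`, and consider a one-line comment above the call stating that the terminator is included on purpose, so a later cleanup does not "correct" it to `strlen(keyinfo)` and quietly drop the guarantee.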