Re: [PATCH v6 3/6] KEYS: make partial key id matching as a dedicated function

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2014-06-30 at 16:14 +0300, Dmitry Kasatkin wrote: 
> On 27/06/14 16:38, David Howells wrote:
> > Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> >
> >> +	if (strncmp(id, "id:", 3) == 0)
> 
> >> Use memcmp() here.
> 
> 'id' function parameter comes from "keys_ownerid" kernel parameter.
> User can supply anything shorter than "id:".
> Though comparing 3 bytes should not produce any memory access errors,
> memcmp can access beyond the length of the string.
> I think 'strcnmp' is more appropriate here...
> 
> 
> >> -	kid += kidlen - idlen;
> >> -	if (strcasecmp(id, kid) != 0)
> >> -		return 0;
> > This test is no longer applied in the "<subtype>:..." case.
> 
> I did not get fully what you comment here or ask to do..
> But yes, with this patch, it is no longer the case.

Other than this comment, all of the other comments have been addressed.
The updated patches are available from
linux-integrity/next-trusted-keys.

thanks,

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/




[Index of Archives]

  Powered by Linux

[Older Kernel Discussion]     [Yosemite National Park Forum]     [Large Format Photos]     [Gimp]     [Yosemite Photos]     [Stuff]     [Index of Other Archives]