[RFC PATCH v3 03/13] clavis: Introduce a new system keyring called clavis
Jarkko Sakkinen
jarkko at kernel.org
Thu Oct 17 21:16:22 UTC 2024
On Thu, 2024-10-17 at 20:34 +0000, Eric Snowberg wrote:
>
>
> > On Oct 17, 2024, at 10:50 AM, Jarkko Sakkinen <jarkko at kernel.org>
> > wrote:
> >
> > On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
> > > +static struct asymmetric_key_id *clavis_parse_boot_param(char
> > > *kid,
> > > struct asymmetric_key_id *akid,
> > > + int
> > > akid_max_len)
> > > +{
> > > + int error, hex_len;
> > > +
> > > + if (!kid)
> > > + return 0;
> > > +
> > > + hex_len = strlen(kid) / 2;
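Review bot: `hex_len = strlen(kid) / 2` rounds down when the string has an odd number of characters, so `hex_len` no longer describes the whole input and nothing in these lines reports it; test `strlen(kid) % 2` and log an error before dividing. The `size_t` result of `strlen()` is also narrowed into an `int` here. Separately, the `if (!kid)` branch uses `return 0;` in a function declared to return `struct asymmetric_key_id *`; `return NULL;` states the intent.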
> >
> > Hmmm... I'd consider sanity checking this:
> >
> >   size_t len;
> >
> >   /* ... */
> >
> >   len = strlen(kid);
> >   if (len % 2) {
> >           pr_err("Clavis key id has invalid length %zu\n", len);
> >           return 0;
> >   }
> >
> >   hex_len = len / 2;
> >
>
> Good catch, I will include this in the next round. I have also added
> a kunit test
> for this as well. Thanks.
I guess hex2bin() would eventually catch this issue, i.e. not an actual
bug, but I still think that you are better off also doing the check here and
getting an appropriate message to klog if that ever happens :-)
BR, Jarkko
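
A userspace sketch of the length check discussed in this thread, added here as an example (it is not code from the patch or from either participant). `parse_key_id`, `hex_val` and the `KID_*` status codes are hypothetical names, and the sample strings are constructed; each rejection gets its own status so the caller can log the reason.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum kid_status { KID_OK, KID_EMPTY, KID_ODD_LEN, KID_TOO_LONG, KID_BAD_CHAR };

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	if (c >= 'A' && c <= 'F') return c - 'A' + 10;
	return -1;
}

/* Decode a hex key id into out[0..max_len); *out_len is set on success only. */
static enum kid_status parse_key_id(const char *kid, unsigned char *out,
				    size_t max_len, size_t *out_len)
{
	size_t len, i;

	if (!kid || !*kid)
		return KID_EMPTY;
	len = strlen(kid);
	if (len % 2)		/* without this, "abc" would decode as just "ab" */
		return KID_ODD_LEN;
	if (len / 2 > max_len)	/* never write past the caller's buffer */
		return KID_TOO_LONG;
	for (i = 0; i < len / 2; i++) {
		int hi = hex_val(kid[2 * i]);
		int lo = hex_val(kid[2 * i + 1]);

		if (hi < 0 || lo < 0)
			return KID_BAD_CHAR;
		out[i] = (unsigned char)((hi << 4) | lo);
	}
	*out_len = len / 2;
	return KID_OK;
}

int main(void)
{
	/* Constructed inputs: valid, odd length, non-hex, too long for buf. */
	const char *samples[] = { "00a1ff", "00a1f", "zz", "0011223344" };
	unsigned char buf[4];
	size_t n = 0, i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-12s -> status %d\n", samples[i],
		       parse_key_id(samples[i], buf, sizeof(buf), &n));
	return 0;
}
```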