[RFC PATCH v3 05/13] clavis: Introduce a new key type called clavis_key_acl
Eric Snowberg
eric.snowberg at oracle.com
Fri Oct 18 21:55:41 UTC 2024
> On Oct 18, 2024, at 10:55 AM, Ben Boeckel <me at benboeckel.net> wrote:
>
> On Fri, Oct 18, 2024 at 15:42:15 +0000, Eric Snowberg wrote:
>>
>> This was done in case the end-user has a trailing carriage return at the
>> end of their ACL. I have updated the comment as follows:
>>
>> + /*
>> + * Copy the user supplied contents, if uppercase is used, convert it to
>> + * lowercase. Also if the end of the ACL contains any whitespace, strip
>> + * it out.
>> + */
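Review bot: the last sentence of the new comment ("if the end of the ACL contains any whitespace, strip it out") covers only trailing whitespace and leaves the result undefined when whitespace appears before the end of the ACL. Say what happens in that case (the ACL should be rejected, not cut short) and name the characters that count as whitespace, so the comment can be checked against the code it documents.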
>
> Well, this doesn't check the end for whitespace; any internal whitespace
> will terminate the key:
>
>     DEAD BEEF
>         ^ becomes NUL
>
> and results in the same thing as `DEAD` being passed.

Originally I was thinking I could extract and fix up the data in pkcs7_preparse_content,
and later, when key_acl_vet_description gets called, do the validation. But I see
your point that it is possible there could be a valid ACL, followed by a space and
some other data, which should trigger an invalid response. I'll take care of this in
the next round too. I'll also add a KUnit test for this one. Thanks.
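
The behaviour discussed in this thread, as an added userspace example that is not code from the patch or from either poster: lowercase the ACL, strip whitespace from the end only, and reject `DEAD BEEF` instead of truncating it to `dead`. The name `acl_normalise`, the hex-digits-only rule and the errno choices are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not the clavis implementation). Assumes the ACL is
 * a string of hex digits. Writes a lowercased, NUL-terminated copy to dst
 * and returns its length, or a negative errno on invalid input.
 */
static int acl_normalise(const char *src, size_t len, char *dst, size_t dst_size)
{
	size_t i;

	/* Strip whitespace (space, tab, CR, LF) from the end only. */
	while (len > 0 && isspace((unsigned char)src[len - 1]))
		len--;

	if (len == 0)
		return -EINVAL;		/* empty or whitespace-only ACL */
	if (len >= dst_size)
		return -ENOSPC;		/* no room for the terminating NUL */

	for (i = 0; i < len; i++) {
		unsigned char c = (unsigned char)src[i];

		/* Whitespace before the end fails here: reject, never truncate. */
		if (!isxdigit(c))
			return -EINVAL;
		dst[i] = (char)tolower(c);
	}
	dst[len] = '\0';
	return (int)len;
}

int main(void)
{
	/* Constructed inputs: trailing CRLF is accepted, internal space is not. */
	const char *samples[] = { "DEADBEEF\r\n", "DEAD BEEF", "DEAD" };
	char out[32];
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int ret = acl_normalise(samples[i], strlen(samples[i]), out, sizeof(out));

		printf("%d %s\n", ret, ret > 0 ? out : "(rejected)");
	}
	return 0;
}
```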