Re: [PATCH v6 3/6] KEYS: make partial key id matching as a dedicated function

From: Mimi Zohar
Date: Mon Jun 30 2014 - 15:21:00 EST


On Mon, 2014-06-30 at 16:14 +0300, Dmitry Kasatkin wrote:
> On 27/06/14 16:38, David Howells wrote:
> > Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> >
> >> + if (strncmp(id, "id:", 3) == 0)
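
Review bot: the prefix test on this line passes the length 3 separately from the "id:" literal, and nothing here records why strncmp() is the right call. Since `id` is a user-supplied string that may be shorter than the prefix, strncmp() stops at the terminating NUL while a fixed 3-byte memcmp() could read past the end of a one- or two-byte buffer. Suggest a one-line comment to that effect and deriving the length from the literal, e.g. sizeof("id:") - 1, so the two cannot drift apart.
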
> >
> > Use memcmp() here.
>
> 'id' function parameter comes from "keys_ownerid" kernel parameter.
> User can supply anything shorter than "id:".
> Though comparing 3 bytes should not produce any memory access errors,
> memcmp can access beyond the length of the string.
> I think 'strncmp' is more appropriate here...
>
>
> >> - kid += kidlen - idlen;
> >> - if (strcasecmp(id, kid) != 0)
> >> - return 0;
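
Review bot: the removed lines did two things that the replacement has to preserve explicitly: the match was case-insensitive (strcasecmp) and it was anchored to the last idlen characters of kid via `kid += kidlen - idlen`. Please confirm the dedicated function keeps both for every accepted id form, and that kidlen >= idlen is checked before any such offset is applied so the pointer cannot move before the start of the buffer.
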
> > This test is no longer applied in the "<subtype>:..." case.
>
> I did not get fully what you comment here or ask to do..
> But yes, with this patch, it is no longer the case.

Other than this comment, all of the other comments have been addressed.
The updated patches are available from
linux-integrity/next-trusted-keys.

thanks,

Mimi
