* [PATCH 5/5] dns_key: add a function to verify the key description
@ 2018-09-27 13:14 Ben Boeckel
2018-09-27 17:15 ` David Howells
2018-09-27 18:39 ` Ben Boeckel
0 siblings, 2 replies; 3+ messages in thread
From: Ben Boeckel @ 2018-09-27 13:14 UTC (permalink / raw)
To: keyrings
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
---
net/dns_resolver/dns_key.c | 44 ++++++++++++++++++++++++++++++--------
1 file changed, 35 insertions(+), 9 deletions(-)
diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c
index 7f4534828f6c..7366f12c7e51 100644
--- a/net/dns_resolver/dns_key.c
+++ b/net/dns_resolver/dns_key.c
@@ -45,6 +45,31 @@ const struct cred *dns_resolver_cache;
#define DNS_ERRORNO_OPTION "dnserror"
+/*
+ * The description must be of an optional type prefix and colon followed by the
+ * name to lookup. By default, the query type is a hostname to IP lookup.
+ */
+static int
+dns_resolver_vet_description(const char *desc)
+{
+ if (!*desc)
+ return -EINVAL;
+ if (*desc = ':')
+ return -EINVAL;
+ for (; *desc; desc++)
+ if (*desc = ':')
+ goto found_colon;
+ goto no_colon;
+
+found_colon:
+ desc++;
+ if (!*desc)
+ return -EINVAL;
+
+no_colon:
+ return 0;
+}
+
/*
* Preparse instantiation data for a dns_resolver key.
*
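Review bot: In dns_resolver_vet_description(), both colon tests are written as `if (*desc = ':')`, which is an assignment, not a comparison; they should read `if (*desc == ':')`. As posted, the expression stores through a `const char *`, so it should not compile. If the const were dropped, the first test would always be true and every non-empty description would be rejected with -EINVAL. Once that is fixed, the `goto found_colon` / `goto no_colon` flow could be simplified by checking the character after the colon directly inside the loop and returning from there.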
@@ -252,15 +277,16 @@ static long dns_resolver_read(const struct key *key,
}
struct key_type key_type_dns_resolver = {
- .name = "dns_resolver",
- .preparse = dns_resolver_preparse,
- .free_preparse = dns_resolver_free_preparse,
- .instantiate = generic_key_instantiate,
- .match_preparse = dns_resolver_match_preparse,
- .revoke = user_revoke,
- .destroy = user_destroy,
- .describe = dns_resolver_describe,
- .read = dns_resolver_read,
+ .name = "dns_resolver",
+ .vet_description = dns_resolver_vet_description,
+ .preparse = dns_resolver_preparse,
+ .free_preparse = dns_resolver_free_preparse,
+ .instantiate = generic_key_instantiate,
+ .match_preparse = dns_resolver_match_preparse,
+ .revoke = user_revoke,
+ .destroy = user_destroy,
+ .describe = dns_resolver_describe,
+ .read = dns_resolver_read,
};
static int __init init_dns_resolver(void)
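Review bot: The key_type_dns_resolver initializer removes and re-adds all nine existing members only to realign them around the one new line, `.vet_description = dns_resolver_vet_description,`. Add just that line, or move the realignment into a separate whitespace-only patch, so the functional change is visible in the diff and the hunk is less likely to conflict. The changelog is also empty apart from the Signed-off-by. It should state why the description needs to be vetted in the kernel and what inputs are now rejected.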
--
2.17.1
* Re: [PATCH 5/5] dns_key: add a function to verify the key description
From: David Howells @ 2018-09-27 17:15 UTC (permalink / raw)
To: keyrings
You can actually vet the description in ->preparse(). ->vet_description() is
redundant if all key types implement ->preparse().
David
* Re: [PATCH 5/5] dns_key: add a function to verify the key description
From: Ben Boeckel @ 2018-09-27 18:39 UTC (permalink / raw)
To: keyrings
On Thu, Sep 27, 2018 at 18:15:19 +0100, David Howells wrote:
> You can actually vet the description in ->preparse(). ->vet_description() is
> redundant if all key types implement ->preparse().
Would it be better to do so in ->preparse() then? Currently the only
place it is verified (that I can find) is in the userspace
key.dns_resolver.
--Ben