linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jarkko Sakkinen <jarkko@kernel.org>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: "David Howells" <dhowells@redhat.com>,
	"David Woodhouse" <dwmw2@infradead.org>,
	"David S . Miller" <davem@davemloft.net>,
	"Eric Snowberg" <eric.snowberg@oracle.com>,
	"Herbert Xu" <herbert@gondor.apana.org.au>,
	"James Morris" <jmorris@namei.org>,
	"Mickaël Salaün" <mic@linux.microsoft.com>,
	"Mimi Zohar" <zohar@linux.ibm.com>,
	"Serge E . Hallyn" <serge@hallyn.com>,
	"Tyler Hicks" <tyhicks@linux.microsoft.com>,
	keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH v7 3/5] certs: Make blacklist_vet_description() more strict
Date: Fri, 22 Apr 2022 11:54:39 +0300	[thread overview]
Message-ID: <YmJtT/lOmxEwPMDD@kernel.org> (raw)
In-Reply-To: <329a078d-29e3-e41e-3118-cd8f3e00b003@digikod.net>

On Thu, Apr 21, 2022 at 07:29:10PM +0200, Mickaël Salaün wrote:
> 
> On 21/04/2022 17:57, Jarkko Sakkinen wrote:
> > On Thu, Apr 21, 2022 at 05:27:42PM +0200, Mickaël Salaün wrote:
> > > 
> > > On 21/04/2022 17:12, Jarkko Sakkinen wrote:
> > > > On Wed, Apr 20, 2022 at 11:29:08AM +0100, David Howells wrote:
> > > > > Mickaël Salaün <mic@digikod.net> wrote:
> > > > > 
> > > > > > +	/* The following algorithm only works if prefix lengths match. */
> > > > > > +	BUILD_BUG_ON(sizeof(tbs_prefix) != sizeof(bin_prefix));
> > > > > > +	prefix_len = sizeof(tbs_prefix) - 1;
> > > > > > +	for (i = 0; *desc; desc++, i++) {
> > > > > > +		if (*desc == ':') {
> > > > > > +			if (tbs_step == prefix_len)
> > > > > > +				goto found_colon;
> > > > > > +			if (bin_step == prefix_len)
> > > > > > +				goto found_colon;
> > > > > > +			return -EINVAL;
> > > > > > +		}
> > > > > > +		if (i >= prefix_len)
> > > > > > +			return -EINVAL;
> > > > > > +		if (*desc == tbs_prefix[i])
> > > > > > +			tbs_step++;
> > > > > > +		if (*desc == bin_prefix[i])
> > > > > > +			bin_step++;
> > > > > > +	}
> > > > > 
> > > > > I wonder if:
> > > > > 
> > > > > 	static const char tbs_prefix[] = "tbs:";
> > > > > 	static const char bin_prefix[] = "bin:";
> > > > > 
> > > > > 	if (strncmp(desc, tbs_prefix, sizeof(tbs_prefix) - 1) == 0 ||
> > > > > 	    strncmp(desc, bin_prefix, sizeof(bin_prefix) - 1) == 0)
> > > > > 		goto found_colon;
> > > > > 
> > > > > might be better.
> > > > > 
> > > > > David
> > > > 
> > > > I think it'd be.
> > > > 
> > > > BR, Jarkko
> > > 
> > > I'm confused. Didn't you plan to send this patch series before v5.18-rc2?
> > > It's been a while since I started working on this.
> > 
> > That was my original plan but due to some other things, I've sent
> > a PR for rc4. I CC'd you to the PR.
> 
> OK, I missed it. My micro-optimization isn't worth it, strncmp is much
> simple indeed.

Yeah, anyway, it's fine to submit this as a separate cleanup.

It's anyway working and tested code.

BR, Jarkko

      reply	other threads:[~2022-04-22  8:56 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-12 17:12 [PATCH v7 0/5] Enable root to update the blacklist keyring Mickaël Salaün
2021-03-12 17:12 ` [PATCH v7 1/5] tools/certs: Add print-cert-tbs-hash.sh Mickaël Salaün
2021-03-15 16:57   ` Eric Snowberg
2021-03-12 17:12 ` [PATCH v7 2/5] certs: Check that builtin blacklist hashes are valid Mickaël Salaün
2021-03-13 18:53   ` Jarkko Sakkinen
2021-03-12 17:12 ` [PATCH v7 3/5] certs: Make blacklist_vet_description() more strict Mickaël Salaün
2021-03-12 17:12 ` [PATCH v7 4/5] certs: Factor out the blacklist hash creation Mickaël Salaün
2021-03-13 18:54   ` Jarkko Sakkinen
2021-03-12 17:12 ` [PATCH v7 5/5] certs: Allow root user to append signed hashes to the blacklist keyring Mickaël Salaün
2021-03-15 16:59   ` Eric Snowberg
2021-03-15 18:01     ` Mickaël Salaün
2021-03-17 14:48       ` Eric Snowberg
2021-03-17 15:45         ` Mickaël Salaün
2021-03-25 11:36 ` [PATCH v7 0/5] Enable root to update " Mickaël Salaün
2021-04-07 17:21 ` Mickaël Salaün
2021-05-04 10:31   ` Mickaël Salaün
2022-04-20 10:29 ` [PATCH v7 3/5] certs: Make blacklist_vet_description() more strict David Howells
2022-04-21 15:12   ` Jarkko Sakkinen
2022-04-21 15:27     ` Mickaël Salaün
2022-04-21 15:57       ` Jarkko Sakkinen
2022-04-21 17:29         ` Mickaël Salaün
2022-04-22  8:54           ` Jarkko Sakkinen [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YmJtT/lOmxEwPMDD@kernel.org \
    --to=jarkko@kernel.org \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=dwmw2@infradead.org \
    --cc=eric.snowberg@oracle.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jmorris@namei.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mic@digikod.net \
    --cc=mic@linux.microsoft.com \
    --cc=serge@hallyn.com \
    --cc=tyhicks@linux.microsoft.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).