Received: by 2002:ac2:48a3:0:0:0:0:0 with SMTP id u3csp564762lfg;
        Fri, 11 Mar 2022 13:26:42 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwXIWqSZ09oz6ry7tecvgeriHyMzsoEdfpeCzxJ6O77APhYOUBOG7X3F+2Q0oiKwOCqis72
X-Received: by 2002:a17:902:b906:b0:14f:76a0:ad48 with SMTP id bf6-20020a170902b90600b0014f76a0ad48mr12077662plb.79.1647034002602;
        Fri, 11 Mar 2022 13:26:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1647034002; cv=none;
        d=google.com; s=arc-20160816;
        b=bn4VG2Dvcu2Y4rUa1ISAGbDG9izozwFNDZpo5NMdyOQIbK1e9x1PlFGUlvWBtDRndk
         dr3YV/Oz//Qr9zZJFvjJYN2A7pxiloty4HlmaYYPxadA0En6Pzga2dEZCUS90tx+mk7s
         la4/PBjs6l5lbwnLkPc88clv82n/gUrsK0HJYxqZQSMlzxABo7WMjgK7Dty9mCKlWTVM
         BGRaZUnflBmpbCNsTNJmtDnEBkgIRL9pR8HXnXcsBlPKT6GlAM4/C2efau0q1qfiNeWt
         wNT3B0YwLxwY4/BuVnOjqmNvTtyzhmtLiYqu1sTQRHVGGyCrfJYrx2Z9uiWgUWYZKsKB
         cseg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:message-id:date:subject:to:from;
        bh=W9UtJ0TNTdG4Ui23xcal2X/zcgzlE1/SNoFVrvPCfS4=;
        b=EYqQxHf3ljdnSGV2PYKjNr9M8gKdM5GQHVUoYLVhFOCuyUXXvSFe/hSa+C4Pjyf8UB
         /0JDxgLfNpUxWS3/0k8aWqE+o8eRtnSwpn7gQ/k3kUmM8/XHA72QInfFL3XZESWyHoqq
         nkMXIMoKdfJhqGaYJliXT4YayshGyGlNxSWIghyzqeaWfWOC9+xf1lx2U9oLsHcjAt2z
         310jOvUYuyNFzeYtXFKAnrlv40QPILT/lqVNPfNSzZV/aFq5ZlA9zmoB6cR0pSEtRxjN
         pH74UqAPj5bPihpLX4AzBgx/DJdMiFF7Whqm6r5a3Dctn3U8RAHqt77N5PBwuLWd04By
         torw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id n7-20020a170902d2c700b001530c834dbesi8103202plc.421.2022.03.11.13.26.42
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 11 Mar 2022 13:26:42 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id A8E76233E46;
	Fri, 11 Mar 2022 13:01:09 -0800 (PST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1347104AbiCKHYu (ORCPT <rfc822;shakeebbk@gmail.com> + 99 others);
        Fri, 11 Mar 2022 02:24:50 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39916 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1347091AbiCKHYs (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 11 Mar 2022 02:24:48 -0500
Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 30E21188A13;
        Thu, 10 Mar 2022 23:23:43 -0800 (PST)
Received: from dggpeml500024.china.huawei.com (unknown [172.30.72.56])
        by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4KFHSV0t4Dzdb7k;
        Fri, 11 Mar 2022 15:22:18 +0800 (CST)
Received: from dggpeml500017.china.huawei.com (7.185.36.243) by
 dggpeml500024.china.huawei.com (7.185.36.10) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.21; Fri, 11 Mar 2022 15:23:41 +0800
Received: from linux-suspe12sp5.huawei.com (10.67.133.83) by
 dggpeml500017.china.huawei.com (7.185.36.243) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.21; Fri, 11 Mar 2022 15:23:41 +0800
From:   Chen Jingwen <chenjingwen6@huawei.com>
To:     Chen Jingwen <chenjingwen6@huawei.com>,
        "linux-kernel @ vger . kernel . org" <linux-kernel@vger.kernel.org>,
        "keyrings @ vger . kernel . org" <keyrings@vger.kernel.org>,
        Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>,
        David Howells <dhowells@redhat.com>,
        Mimi Zohar <zohar@linux.vnet.ibm.com>,
        James Morris <jmorris@namei.org>,
        "Serge E . Hallyn" <serge@hallyn.com>
Subject: strncmp might be wrong used in insert-sys-cert.c
Date:   Fri, 11 Mar 2022 15:23:39 +0800
Message-ID: <20220311072339.41306-1-chenjingwen6@huawei.com>
X-Mailer: git-send-email 2.12.3
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [10.67.133.83]
X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To
 dggpeml500017.china.huawei.com (7.185.36.243)
X-CFilter-Loop: Reflected
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE,
	SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi, All.

When I scanned scripts/insert-sys-cert.c, I encounter that

>	    strncmp(cert_sym.content, cert, cert_size) == 0) {
>		warn("Certificate was already inserted.\n");
>		exit(EXIT_SUCCESS);

strncmp will stop if it sees b'\0'.  I think should use memcmp here.
For example, we have two _different_ certificates,
one was already inserted and another one is being processed by insert-sys-cert.
In case both certificates start with the same and follow a '\0',
another new one won't be overridden, which is not expected, right?

Chen Jingwen