From: Mickaël Salaün
Date: Thu, 21 Apr 2022 17:27:42 +0200
To: Jarkko Sakkinen, David Howells
Cc: David Woodhouse, "David S. Miller", Eric Snowberg, Herbert Xu, James Morris, Mickaël Salaün, Mimi Zohar, "Serge E. Hallyn", Tyler Hicks, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH v7 3/5] certs: Make blacklist_vet_description() more strict
Message-ID: <01ec2ce7-986d-451a-4a36-f627263ef826@digikod.net>
References: <20210312171232.2681989-4-mic@digikod.net> <20210312171232.2681989-1-mic@digikod.net> <648218.1650450548@warthog.procyon.org.uk>
X-Mailing-List: linux-crypto@vger.kernel.org

On 21/04/2022 17:12, Jarkko Sakkinen wrote:
> On Wed, Apr 20, 2022 at 11:29:08AM +0100, David Howells wrote:
>> Mickaël Salaün wrote:
>>
>>> + /* The following algorithm only works if prefix lengths match. */
>>> + BUILD_BUG_ON(sizeof(tbs_prefix) != sizeof(bin_prefix));
>>> + prefix_len = sizeof(tbs_prefix) - 1;
>>> + for (i = 0; *desc; desc++, i++) {
>>> + if (*desc == ':') {
>>> + if (tbs_step == prefix_len)
>>> + goto found_colon;
>>> + if (bin_step == prefix_len)
>>> + goto found_colon;
>>> + return -EINVAL;
>>> + }
>>> + if (i >= prefix_len)
>>> + return -EINVAL;
>>> + if (*desc == tbs_prefix[i])
>>> + tbs_step++;
>>> + if (*desc == bin_prefix[i])
>>> + bin_step++;
>>> + }
>>
>> I wonder if:
>>
>>     static const char tbs_prefix[] = "tbs:";
>>     static const char bin_prefix[] = "bin:";
>>
>>     if (strncmp(desc, tbs_prefix, sizeof(tbs_prefix) - 1) == 0 ||
>>         strncmp(desc, bin_prefix, sizeof(bin_prefix) - 1) == 0)
>>             goto found_colon;
>>
>> might be better.
>>
>> David
>
> I think it'd be.
>
> BR, Jarkko

I'm confused. Didn't you plan to send this patch series before v5.18-rc2? It's been a while since I started working on this.
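
Review bot: In the quoted `for` loop, a description that ends before any ':' (for example one no longer than `prefix_len`) leaves the loop at the terminating NUL without reaching either `return -EINVAL`, so the code after the loop, which the quoted lines do not show, has to reject that case explicitly. The `tbs_step`/`bin_step` counters are also only correct because `BUILD_BUG_ON` forces both prefixes to the same length; comparing against prefixes that include the colon, as in `strncmp(desc, tbs_prefix, sizeof(tbs_prefix) - 1) == 0`, removes that constraint and the counters, and folds the two `goto found_colon` tests into one condition.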