diff options
author | Mickaël Salaün <mic@linux.microsoft.com> | 2021-07-12 19:03:11 +0200 |
---|---|---|
committer | Jarkko Sakkinen <jarkko@kernel.org> | 2022-05-23 17:47:49 +0200 |
commit | bf21dc591bb5f17ba4b29b84d4866e0adc39f57f (patch) | |
tree | 661133dac90d80dcb4b9d6a68544447a2fc55bf5 /security/commoncap.c | |
parent | certs: Factor out the blacklist hash creation (diff) | |
download | linux-bf21dc591bb5f17ba4b29b84d4866e0adc39f57f.tar.xz linux-bf21dc591bb5f17ba4b29b84d4866e0adc39f57f.zip |
certs: Make blacklist_vet_description() more strict
Before exposing this new key type to user space, make sure that only
meaningful blacklisted hashes are accepted. This is also checked for
builtin blacklisted hashes, but a following commit make sure that the
user will notice (at built time) and will fix the configuration if it
already included errors.
Check that a blacklist key description starts with a valid prefix and
then a valid hexadecimal string.
Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Eric Snowberg <eric.snowberg@oracle.com>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Link: https://lore.kernel.org/r/20210712170313.884724-4-mic@digikod.net
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'security/commoncap.c')
0 files changed, 0 insertions, 0 deletions