summaryrefslogtreecommitdiffstats
path: root/security/commoncap.c
diff options
context:
space:
mode:
authorMickaël Salaün <mic@linux.microsoft.com>2021-07-12 19:03:11 +0200
committerJarkko Sakkinen <jarkko@kernel.org>2022-05-23 17:47:49 +0200
commitbf21dc591bb5f17ba4b29b84d4866e0adc39f57f (patch)
tree661133dac90d80dcb4b9d6a68544447a2fc55bf5 /security/commoncap.c
parentcerts: Factor out the blacklist hash creation (diff)
downloadlinux-bf21dc591bb5f17ba4b29b84d4866e0adc39f57f.tar.xz
linux-bf21dc591bb5f17ba4b29b84d4866e0adc39f57f.zip
certs: Make blacklist_vet_description() more strict
Before exposing this new key type to user space, make sure that only meaningful blacklisted hashes are accepted. This is also checked for builtin blacklisted hashes, but a following commit make sure that the user will notice (at built time) and will fix the configuration if it already included errors. Check that a blacklist key description starts with a valid prefix and then a valid hexadecimal string. Cc: David Howells <dhowells@redhat.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Eric Snowberg <eric.snowberg@oracle.com> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Link: https://lore.kernel.org/r/20210712170313.884724-4-mic@digikod.net Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'security/commoncap.c')
0 files changed, 0 insertions, 0 deletions