Re: [PATCH 17/23] pefile: Strip the wrapper off of the cert data block

[David Howells]

Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> > +       memcpy(&wrapper, prep->data + ctx->sig_offset, 8);
> 
> Instead of the literal 8, sizeof(wrapper)?

Reasonable.  It was originally an array of bytes until I found out that it had
structure.  Even so, I should probably have used sizeof() then.

> > +               if (pkcs7[1] == 0x82 &&
> > +                   pkcs7[2] == (((ctx->sig_len - 4) >> 8) & 0xff) &&
> > +                   pkcs7[3] ==  ((ctx->sig_len - 4)       & 0xff))
> > +                       return 0;
> > +               if (pkcs7[1] == 0x80)
> > +                       return 0;
> > +               if (pkcs7[1] > 0x82)
> > +                       return -EMSGSIZE;
>
> Can these literals be replaced with something more meaningful?

Certainly the 0x80 can.  I have a patch to define ASN1_INDEFINITE_LENGTH.  The
question is how to define the 0x82 since it's a flag plus a value.  Maybe by
using something like:

	#define ASN1_LONG_LENGTH(x) (0x80 | (x))

Anyway, thanks for the reviews!

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/