> On Oct 18, 2024, at 10:55 AM, Ben Boeckel <m...@benboeckel.net> wrote: > > On Fri, Oct 18, 2024 at 15:42:15 +0000, Eric Snowberg wrote: >> >> This was done incase the end-user has a trailing carriage return at the >> end of their ACL. I have updated the comment as follows: >> >> + /* >> + * Copy the user supplied contents, if uppercase is used, convert it >> to >> + * lowercase. Also if the end of the ACL contains any whitespace, >> strip >> + * it out. >> + */ > > Well, this doesn't check the end for whitespace; any internal whitespace > will terminate the key: > > DEAD BEEF > ^ becomes NUL > > and results in the same thing as `DEAD` being passed.
Originally I was thinking I could extract and fix up the data in pkcs7_preparse_content, later when key_acl_vet_description gets called do the validation. But I see your point that it is possible there could be a valid ACL, followed by a space and some other data, which should trigger an invalid response. I'll take care of this in the next round too. I'll also add a Kunit test for this one. Thanks.
