On Fri, 15.05.15 15:32, Pavel Odvody (podv...@redhat.com) wrote: > > > + else if (!startswith(ref, "sha256")) > > > + return false; > > > + > > > + else if (!in_charset(colon + 1, "0123456789abcdef")) > > > + return false; > > > > > > Hmm, how precisely do this refs look, can you provide some examples? > > > > Right now you do not validate anything between "sha256" and the first > > ":", that's not intended, is it? > > > > Lennart > > > > You're right, there's a blind spot, the digest reference looks like > this: > > sha256:7266a84a67d01165f222eac5785fed00791eb3aec0fd8a18086b76310280d9da > > Thanks for catching this.
Does the the part after the colon have a variable length? Or isn't it fixed length for the "sha256:" prefix? If it's fixed size it should probably be verified, too. If it's variable size, does it have a minimum and maximum size? Presumably, right? I figure it definitely can't have zero length, right? Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
