From: sashiko-bot@kernel.org
To: "Blaise Boscaccy" <bboscaccy@linux.microsoft.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH v7 02/10] crypto: pkcs7: add ability to extract signed attributes by OID
Date: Fri, 08 May 2026 00:14:34 +0000 [thread overview]
Message-ID: <20260508001435.8F11BC2BCB2@smtp.kernel.org> (raw)
In-Reply-To: <20260507191416.2984054-3-bboscaccy@linux.microsoft.com>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [High] Premature loop termination if a verified signer lacks authenticated attributes (`sinfo->authattrs == NULL`).
- [Medium] The function returns the last matching attribute value rather than the first one, contradicting its API documentation.
--
commit 8f64855e85aaa27bba380d666827191e50cceb99
Author: James Bottomley <James.Bottomley@HansenPartnership.com>
crypto: pkcs7: add ability to extract signed attributes by OID
This commit adds an API, pkcs7_get_authattr(), to extract the value of an
authenticated attribute by a specific OID. It parses the signed attributes
and is intended to return the first matching value.
> diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
> index 6e3ffdac83ace..d467866f7d930 100644
> --- a/crypto/asymmetric_keys/pkcs7_parser.c
> +++ b/crypto/asymmetric_keys/pkcs7_parser.c
[ ... ]
> @@ -211,6 +212,86 @@ int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
[ ... ]
> +int pkcs7_aa_note_attr(void *context, size_t hdrlen,
> + unsigned char tag,
> + const void *value, size_t vlen)
> +{
> + struct pkcs7_aa_context *ctx = context;
> +
> + if (ctx->found) {
> + ctx->data = value;
> + ctx->len = vlen;
> + }
> +
> + return 0;
> +}
The documentation for pkcs7_get_authattr() mentions it returns the first match
in parse order.
If an authenticated attribute contains multiple values within its SET OF ANY,
or if multiple attributes share the same OID, won't this callback continuously
overwrite ctx->data and return the last matching value instead of the first
one?
Could we enforce capturing only the first value by checking if ctx->data is
already set before assigning it?
[ ... ]
> +int pkcs7_get_authattr(const struct pkcs7_message *pkcs7,
> + enum OID oid,
> + const void **_data, size_t *_len)
> +{
> + struct pkcs7_signed_info *sinfo = pkcs7->signed_infos;
> + struct pkcs7_aa_context ctx;
> +
> + ctx.data = NULL;
> + ctx.oid_to_find = oid;
> +
> + for (; sinfo; sinfo = sinfo->next) {
> + int ret;
> +
> + /* only extract OIDs from validated signers */
> + if (!sinfo->verified)
> + continue;
> +
> + ret = asn1_ber_decoder(&pkcs7_aa_decoder, &ctx,
> + sinfo->authattrs, sinfo->authattrs_len);
> + if (ret < 0 || ctx.data != NULL)
> + break;
> + }
PKCS#7 allows authenticated attributes to be optional, meaning sinfo->authattrs
could legitimately be NULL with a length of 0.
If a verified signer has no authenticated attributes, asn1_ber_decoder() will
be called with datalen == 0 and fail with a data overrun error, returning a
negative value.
Because the loop breaks on ret < 0, won't this permanently abort the search
across all subsequent signers instead of skipping to the next one?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260507191416.2984054-1-bboscaccy@linux.microsoft.com?part=2
next prev parent reply other threads:[~2026-05-08 0:14 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-07 19:13 [PATCH v7 00/10] Reintroduce Hornet LSM Blaise Boscaccy
2026-05-07 19:13 ` [PATCH v7 01/10] crypto: pkcs7: add flag for validated trust on a signed info block Blaise Boscaccy
2026-05-07 23:51 ` sashiko-bot
2026-05-07 19:13 ` [PATCH v7 02/10] crypto: pkcs7: add ability to extract signed attributes by OID Blaise Boscaccy
2026-05-08 0:14 ` sashiko-bot [this message]
2026-05-07 19:13 ` [PATCH v7 03/10] crypto: pkcs7: add tests for pkcs7_get_authattr Blaise Boscaccy
2026-05-08 0:35 ` sashiko-bot
2026-05-07 19:13 ` [PATCH v7 04/10] lsm: framework for BPF integrity verification Blaise Boscaccy
2026-05-08 1:09 ` sashiko-bot
2026-05-07 19:13 ` [PATCH v7 05/10] lsm: security: Add additional enum values for bpf integrity checks Blaise Boscaccy
2026-05-07 19:14 ` [PATCH v7 06/10] security: Hornet LSM Blaise Boscaccy
2026-05-08 2:07 ` sashiko-bot
2026-05-07 19:14 ` [PATCH v7 07/10] hornet: Introduce gen_sig Blaise Boscaccy
2026-05-08 2:22 ` sashiko-bot
2026-05-07 19:14 ` [PATCH v7 08/10] hornet: Add a light skeleton data extractor scripts Blaise Boscaccy
2026-05-08 2:35 ` sashiko-bot
2026-05-07 19:14 ` [PATCH v7 09/10] selftests/hornet: Add a selftest for the Hornet LSM Blaise Boscaccy
2026-05-08 2:58 ` sashiko-bot
2026-05-07 19:14 ` [PATCH v7 10/10] ipe: Add BPF program load policy enforcement via Hornet integration Blaise Boscaccy
2026-05-08 4:21 ` sashiko-bot
2026-05-08 18:40 ` Fan Wu
2026-05-07 20:57 ` [PATCH v7 00/10] Reintroduce Hornet LSM Paul Moore
2026-05-07 21:58 ` Eric Biggers
2026-05-07 22:22 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260508001435.8F11BC2BCB2@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=bboscaccy@linux.microsoft.com \
--cc=bpf@vger.kernel.org \
--cc=sashiko@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox