-
Notifications
You must be signed in to change notification settings - Fork 8.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[FAB-5035] Limit searchKeystoreForSKI to 64k files
Software keystore is trying to be helpful, and allow arbitrary names for the keys (this was so that one could, for example, create pem files with openssl, and point bccsp at the directory). Though at the time helpful (cryptogen did not exist), this is is a dangerous behaviour, bccsp/sw/fileks.searchKeystoreForSKI() will open every file in the directory and run PEM decoder on the file. If we indend to keep searchKeystoreForSKI() behaviour, lets add a file size check so that we dont end up reading in huge files (like a core dump..) and trying to see if its a PEM file. Change-Id: Ic7611eb2a3d4a1ab7d87dfbafb1634db770a4e24 Signed-off-by: Volodymyr Paprotski <vpaprots@ca.ibm.com>
- Loading branch information
Volodymyr Paprotski
committed
Feb 8, 2018
1 parent
466e6ac
commit 39fba9e
Showing
2 changed files
with
51 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters