Task #4715

open

In addMember, limit the secret bytes to 1 through 127

Added by Anonymous over 5 years ago.

Status: New
Priority: Normal
Assignee: -
Start date: 08/17/2018
Due date:
% Done: 0%
Estimated time:

Description

When generating the secret bytes in AccessManager::addMember, you exclude a value of 0 (because openssl needs a null-terminated C string):
https://github.com/named-data/name-based-access-control/blob/new/src/access-manager.cpp#L96

for (size_t i = 0; i < secretLength; ++i) {
  if (secret[i] == 0) {
    secret[i] = 1;
  }
}

The Java implementation of PKCS 8 encryption of a private key takes a char[] instead of a byte[], which is even more restrictive. It gives different results from openssl when the bytes are greater than 127. Therefore, would it be OK for addMember to restrict to the range of 1 through 127?

for (size_t i = 0; i < secretLength; ++i) {
  secret[i] &= 0x7f;
  if (secret[i] == 0) {
    secret[i] = 1;
  }
}
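
Added example (not part of the original issue or the project's code): it measures what the proposed mapping does to a uniformly random secret byte, namely how many input values fold onto each output and how many bits of entropy per byte remain, and derives the secret length needed to keep a target strength. The function names, the caller-supplied nextByte source, the 256-bit target and the rejection-sampling variant are assumptions for illustration; rejection sampling goes beyond what the issue proposes.

```cpp
#include <array>
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <vector>

// The mapping proposed in the issue: clear the high bit, then replace 0 with 1.
uint8_t maskSecretByte(uint8_t b) {
  b &= 0x7f;
  return b == 0 ? 1 : b;
}

// For uniformly random input bytes: how many of the 256 inputs map to each output.
std::array<int, 256> outputHistogram() {
  std::array<int, 256> hist{};
  for (int b = 0; b < 256; ++b) ++hist[maskSecretByte(static_cast<uint8_t>(b))];
  return hist;
}

// Shannon entropy, in bits, of one mapped byte.
double entropyBitsPerByte() {
  double h = 0.0;
  for (int n : outputHistogram()) {
    if (n == 0) continue;
    double p = n / 256.0;
    h -= p * std::log2(p);
  }
  return h;
}

// Number of mapped bytes needed to retain at least targetBits of entropy.
std::size_t lengthForEntropy(double targetBits) {
  return static_cast<std::size_t>(std::ceil(targetBits / entropyBitsPerByte()));
}

// Variant without the skew toward 1 (assumption, not from the issue): draw again
// instead of folding 0 into 1. nextByte is a hypothetical CSPRNG byte source.
std::vector<uint8_t> uniformSecret(std::size_t secretLength,
                                   const std::function<uint8_t()>& nextByte) {
  std::vector<uint8_t> secret;
  while (secret.size() < secretLength) {
    uint8_t b = nextByte() & 0x7f;
    if (b != 0) secret.push_back(b);  // reject 0 rather than remapping it
  }
  return secret;
}

int main() {
  std::printf("%.6f bits/byte, %zu bytes for 256 bits\n", entropyBitsPerByte(), lengthForEntropy(256));
}
```

With the mask applied, four input values (0, 1, 128, 129) produce the byte 1 while every other output has two preimages, so each secret byte carries just under 7 bits instead of nearly 8.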
