trust: don't create file names longer then 255

p11-glue / p11-kit

Provides a way to load and enumerate PKCS#11 modules.

https://p11-glue.github.io/p11-glue/p11-kit.html

Other

151 stars 95 forks source link

trust: don't create file names longer then 255 #659

Closed ZoltanFridrich closed 1 month ago

ZoltanFridrich commented 1 month ago

trust extract creates file names based on CKA_LABEL attribute of trusted certificates. Some of these certificates contain labels that are longer then file name limit on linux which causes file creation to fail. This MR makes make_unique_name to trim names that are equal or longer then 255.

coveralls commented 1 month ago

coverage: 69.543% (+0.001%) from 69.542% when pulling cfbadaed744efa1e7b149aa945db58991cd0a2bb on ZoltanFridrich:zfridric_devel into 89d3a55f67bd8109b559ba3edda7cbdff554e503 on p11-glue:master.

ZoltanFridrich commented 1 month ago

Do we have any assurance that the truncated filename doesn't collide with others? Perhaps we could fall back to other naming scheme, e.g., hash, if the filename would be longer than 255?

Yes, we do. Because the name is truncated before any modifications and checks.