Re: [PATCH RESEND] KEYS: fix parsing invalid pkey info string

From: Linus Torvalds
Date: Mon Dec 17 2018 - 15:02:26 EST

On Mon, Dec 17, 2018 at 11:51 AM James Bottomley
<James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
> If this is to replace Eric's patch, didn't you want to set token_mask
> to (1<<Opt_err)?

No, let's not add any extra code that is trying to be subtle. Subtle
interactions was where the bug came from.

The code already checks the actual Opt_xyz for errors in a switch
statement. The token_mask should be _purely_ about duplicate options
(or conflicting ones).

Talking about the conflicting ones: Opt_hash checks that
Opt_policydigest isn't set. But Opt_policydigest doesn't check that
Opt_hash isn't set, so you can mix the two if you just do it in the
right order.

But that's a separate bug, and doesn't seem to be a huge deal.

But it *is* an example of how bogus all of this stuff is. Clearly
people weren't really paying attention when writing any of this code.