Re: [PATCH 3/7] rust: security: add abstraction for secctx

From: Alice Ryhl
Date: Fri Dec 01 2023 - 05:48:39 EST

Next message: Tor Vic: "[Bug Report] [6.6] i2c: No atomic i2c transfer handler"
Previous message: Lee Jones: "Re: [PATCH v2 2/6] twl-core: add power off implementation for twl603x"
Next in thread: Benno Lossin: "Re: [PATCH 3/7] rust: security: add abstraction for secctx"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Benno Lossin <benno.lossin@xxxxxxxxx> writes:
> On 11/29/23 14:11, Alice Ryhl wrote:
>> + /// Returns the bytes for this security context.
>> + pub fn as_bytes(&self) -> &[u8] {
>> + let mut ptr = self.secdata;
>> + if ptr.is_null() {
>> + // Many C APIs will use null pointers for strings of length zero, but
>
> I would just write that the secctx API uses null pointers to denote a
> string of length zero.

I don't actually know whether it can ever be null, I just wanted to stay
on the safe side.

>> + // `slice::from_raw_parts` doesn't allow the pointer to be null even if the length is
>> + // zero. Replace the pointer with a dangling but non-null pointer in this case.
>> + debug_assert_eq!(self.seclen, 0);
>
> I am feeling a bit uncomfortable with this, why can't we just return
> an empty slice in this case?

I can do that, but to be clear, what I'm doing here is also definitely
okay.

Alice

Next message: Tor Vic: "[Bug Report] [6.6] i2c: No atomic i2c transfer handler"
Previous message: Lee Jones: "Re: [PATCH v2 2/6] twl-core: add power off implementation for twl603x"
Next in thread: Benno Lossin: "Re: [PATCH 3/7] rust: security: add abstraction for secctx"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]