[libvirt] [PATCH 08/10] util: Introduce 'virpin' module for dealing with PIN numbers

Ján Tomko jtomko at redhat.com
Tue Apr 2 13:24:58 UTC 2019 

On Mon, Apr 01, 2019 at 03:04:59PM +0200, Peter Krempa wrote:
>In https://www.redhat.com/archives/libvir-list/2019-February/msg01475.html
>I was notified that I forgot to deal with the possibility that the JSON
>number would contain jtomko's PIN number. I had to look around for a
>leaked list of PIN numbers to avoid the problem described in the review.
>
>This commit implements a checker which will allow deciding when to nuke
>the JSON number string. We obviously have to spare a few CPU cycles to
>make Jano feel safer.
>---
> src/libvirt_private.syms |    4 +
> src/util/Makefile.inc.am |    2 +
> src/util/virpin.c        | 1053 ++++++++++++++++++++++++++++++++++++++
> src/util/virpin.h        |   30 ++
> tests/utiltest.c         |   30 ++
> 5 files changed, 1119 insertions(+)
> create mode 100644 src/util/virpin.c
> create mode 100644 src/util/virpin.h
>

Sensible-chuckle-by: Ján Tomko <jtomko at redhat.com>

>+/* This is a list of leaked pin codes obtained from
>+ * https://pastebin.com/2qbRKh3R which I've found on the dark web. */

I'm not sure merging this is acceptable w/r/t to D-C-O.

>+static const char *virPinList[] = {

[...]

>+"1190", "1191", "1192", "1193", "1194", "1195", "1196", "1197", "1198", "1199",
>+"1200", "1201", "1202", "1203", "1204", "1205", "1206", "1207", "1208", "1209",
>+"1210", "1211", "1212", "1213", "1214", "1215", "1216", "1217", "1218", "1219",
>+"1220", "1221", "1222", "1223", "1224", "1225", "1226", "1227", "1228", "1229",
>+"1230", "1231", "1232", "1233", "1234", "1235", "1236", "1237", "1238", "1239",
Oh, look, here it is!              ^^^^

>+"1240", "1241", "1242", "1243", "1244", "1245", "1246", "1247", "1248", "1249",
>+"1250", "1251", "1252", "1253", "1254", "1255", "1256", "1257", "1258", "1259",
>+"1260", "1261", "1262", "1263", "1264", "1265", "1266", "1267", "1268", "1269",
>+"1270", "1271", "1272", "1273", "1274", "1275", "1276", "1277", "1278", "1279",
>+"1280", "1281", "1282", "1283", "1284", "1285", "1286", "1287", "1288", "1289",
>+"1290", "1291", "1292", "1293", "1294", "1295", "1296", "1297", "1298", "1299",

Jano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20190402/77b7d3e3/attachment-0001.sig>

More information about the libvir-list mailing list