From 14138335bd3c7204d5bff4690ffa2314dd4a0a9e Mon Sep 17 00:00:00 2001
From: William Roberts <wroberts@tresys.com>
Date: Mon, 14 Oct 2013 15:51:48 -0700
Subject: [PATCH] tools: Strengthen BEGIN/END CERTIFICATE checks

insertkeys.py used beginswith() when checking that the BEGIN
and END CERTIFICATE clauses in PEM files were correct. It should
have done an explicit check on equality.

Change-Id: I5efb48d180bc674e6281a26a955acd248588b8bd
---
 tools/insertkeys.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/insertkeys.py b/tools/insertkeys.py
index 7237d6f9e..ca1e43280 100755
--- a/tools/insertkeys.py
+++ b/tools/insertkeys.py
@@ -40,7 +40,7 @@ class GenerateKeys(object):
         for line in pkFile:
             line = line.strip()
             # Are we starting the certificate?
-            if line.startswith("-----BEGIN CERTIFICATE-----"):
+            if line == "-----BEGIN CERTIFICATE-----":
                 if inCert:
                     sys.exit("Encountered another BEGIN CERTIFICATE without END CERTIFICATE on " +
                              "line: " + str(lineNo))
@@ -48,7 +48,7 @@ class GenerateKeys(object):
                 inCert = True
 
             # Are we ending the ceritifcate?
-            elif line.startswith("-----END CERTIFICATE-----"):
+            elif line == "-----END CERTIFICATE-----":
                 if not inCert:
                     sys.exit("Encountered END CERTIFICATE before BEGIN CERTIFICATE on line: "
                             + str(lineNo))
-- 
GitLab