eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 10:50:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix handling of too long label and subsystem fields

Browse Source 
These LUKS2 labels are stored in the binary header area that has limited size.

While we have been silently truncating strings here, it is something that
is not expected, as the final label is then different than expected.

Let's fix the code to explicitly print and return error here.

Also remove the comment about duplicate check. It is incorrect  optimization,
as some users will expect a real write on disk, we should no skip it.

Fixes: #958
This commit is contained in:
Milan Broz
2025-09-11 16:24:00 +02:00
parent 3a8feb8be7
commit 0eaaa4553e
3 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/luks2/luks2_json_metadata.c
View File

@@ -1272,7 +1272,11 @@ int LUKS2_hdr_uuid(struct crypt_device *cd, struct luks2_hdr *hdr, const char *u
int LUKS2_hdr_labels(struct crypt_device *cd, struct luks2_hdr *hdr,
const char *label, const char *subsystem, int commit)
{
//FIXME: check if the labels are the same and skip this.
if ((label && strlen(label) >= LUKS2_LABEL_L) ||
(subsystem && strlen(subsystem) >= LUKS2_LABEL_L)) {
log_err(cd, _("Label is too long."));
return -EINVAL;
}
memset(hdr->label, 0, LUKS2_LABEL_L);
if (label)

4
tests/api-test-2.c
View File

@@ -4059,6 +4059,7 @@ static void Luks2Refresh(void)
static void Luks2Flags(void)
{
uint32_t flags = 42;
const char *longlabel = "0123456789abcedf0123456789abcedf0123456789abcedf";
OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
@@ -4089,6 +4090,9 @@ static void Luks2Flags(void)
OK_(strcmp("", crypt_get_label(cd)));
OK_(strcmp("", crypt_get_subsystem(cd)));
FAIL_(crypt_set_label(cd, longlabel, NULL), "long label");
FAIL_(crypt_set_label(cd, NULL, longlabel), "long subsystem");
CRYPT_FREE(cd);
}

2
tests/compat-test2
View File

@@ -1278,6 +1278,8 @@ $CRYPTSETUP luksDump $LOOPDEV | grep "Label:" | grep -q "(no label)" || fail
$CRYPTSETUP config $LOOPDEV --subsystem SatelliteThree --label TheLabel
$CRYPTSETUP luksDump $LOOPDEV | grep "Subsystem:" | grep -q "SatelliteThree" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep "Label:" | grep -q "TheLabel" || fail
$CRYPTSETUP config $LOOPDEV --label 0123456789abcdef0123456789abcdef0123456789abcdef 2>/dev/null && fail
$CRYPTSETUP config $LOOPDEV --subsystem 0123456789abcdef0123456789abcdef0123456789abcdef 2>/dev/null && fail
prepare "[36] LUKS PBKDF setting" wipe
echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 --pbkdf bla $LOOPDEV >/dev/null 2>&1 && fail