Do not allow unexpected fields in keyring token validation.

2025-12-15 04:40:05 +01:00 · 2018-02-15 11:46:00 +01:00
parent 2b6808f165
commit 1968efe9f0
1 changed files with 5 additions and 0 deletions
--- a/lib/luks2/luks2_token_keyring.c
+++ b/lib/luks2/luks2_token_keyring.c
@@ -62,6 +62,11 @@ static int keyring_validate(struct crypt_device *cd __attribute__((unused)),
 		return r;
 	}

+	if (json_object_object_length(jobj_token) != 3) {
+		log_dbg("Keyring token is expected to have exactly 3 fields.");
+		goto out;
+	}
+
 	if (!json_object_object_get_ex(jobj_token, "key_description", &jobj_key)) {
 		log_dbg("missing key_description field.");
 		goto out;