Allow dash and underscore chars in external token names.

Current alphabet for external token types is alphanumeric characters including '-' and '_'. Empty strings are also forbiden.
2025-12-05 16:00:05 +01:00 · 2021-03-16 18:15:03 +01:00
parent 5d0a11a21b
commit 36805b3cfe
2 changed files with 23 additions and 6 deletions
--- a/lib/luks2/luks2.h
+++ b/lib/luks2/luks2.h
@@ -44,6 +44,8 @@
 #define LUKS2_BUILTIN_TOKEN_PREFIX "luks2-"
 #define LUKS2_BUILTIN_TOKEN_PREFIX_LEN 6

+#define LUKS2_TOKEN_NAME_MAX 64
+
 #define LUKS2_TOKEN_KEYRING LUKS2_BUILTIN_TOKEN_PREFIX "keyring"

 #define LUKS2_DIGEST_MAX 8
--- a/lib/luks2/luks2_token.c
+++ b/lib/luks2/luks2_token.c
@@ -93,6 +93,20 @@ static bool token_validate_v2(struct crypt_device *cd, const struct crypt_token_

 	return true;
 }
+
+static bool external_token_name_valid(const char *name)
+{
+	if (!*name || strlen(name) > LUKS2_TOKEN_NAME_MAX)
+		return false;
+
+	while (*name) {
+		if (!isalnum(*name) && *name != '-' && *name != '_')
+			return false;
+		name++;
+	}
+
+	return true;
+}
 #endif

 static int
@@ -102,16 +116,17 @@ crypt_token_load_external(struct crypt_device *cd, const char *name, struct cryp
 	struct crypt_token_handler_v2 *token;
 	void *h;
 	char buf[512];
-	int i, r;
+	int r;

-	if (!ret || !name || strlen(name) > 64)
+	if (!ret || !name)
 		return -EINVAL;

-	token = &ret->u.v2;
+	if (!external_token_name_valid(name)) {
+		log_dbg(cd, "External token name (%.*s) invalid.", LUKS2_TOKEN_NAME_MAX, name);
+		return -EINVAL;
+	}

-	for (i = 0; name[i]; i++)
-		if (!isalnum(name[i]))
-			return -EINVAL;
+	token = &ret->u.v2;

 	r = snprintf(buf, sizeof(buf), "libcryptsetup-token-%s.so", name);
 	if (r < 0 || (size_t)r >= sizeof(buf))