eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-09 01:40:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

Do not allow device activation if data area overlaps with LUKS header.

Browse Source
This commit is contained in:
Milan Broz
2018-10-11 11:55:45 +02:00
parent a771460dbd
commit 4beb0f702a
1 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
lib/setup.c
View File

@@ -2904,6 +2904,23 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot)
return LUKS2_keyslot_wipe(cd, &cd->u.luks2.hdr, keyslot, 0);
}
static int _check_header_data_overlap(struct crypt_device *cd, const char *name)
{
if (!name || !isLUKS(cd->type))
return 0;
if (!device_is_identical(crypt_data_device(cd), crypt_metadata_device(cd)))
return 0;
/* FIXME: check real header size */
if (crypt_get_data_offset(cd) == 0) {
log_err(cd, _("Device header overlaps with data area."));
return -EINVAL;
}
return 0;
}
/*
* Activation/deactivation of a device
*/
@@ -2923,6 +2940,10 @@ static int _activate_by_passphrase(struct crypt_device *cd,
if ((flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) && name)
return -EINVAL;
r = _check_header_data_overlap(cd, name);
if (r < 0)
return r;
/* plain, use hashed passphrase */
if (isPLAIN(cd->type)) {
if (!name)
@@ -3123,6 +3144,10 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
if (r < 0)
return r;
r = _check_header_data_overlap(cd, name);
if (r < 0)
return r;
/* use key directly, no hash */
if (isPLAIN(cd->type)) {
if (!name)