eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Harden checksum resilience parameters verification.

Browse Source
This commit is contained in:
Ondrej Kozina
2022-06-02 14:44:56 +02:00
parent e8ec3e1005
commit 99a3d328f0
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/luks2/luks2_reencrypt.c
View File

@@ -2313,6 +2313,7 @@ static int reencrypt_verify_and_upload_keys(struct crypt_device *cd,
static int reencrypt_verify_resilience_params(struct crypt_device *cd,
const struct crypt_params_reencrypt *params)
{
size_t len;
struct crypt_hash *ch;
if (!params || !params->resilience)
@@ -2325,7 +2326,11 @@ static int reencrypt_verify_resilience_params(struct crypt_device *cd,
else if (!strcmp(params->resilience, "datashift")) {
return params->data_shift ? 0 : -EINVAL;
} else if (!strcmp(params->resilience, "checksum")) {
if (!params->hash || strlen(params->hash) > (LUKS2_CHECKSUM_ALG_L - 1))
if (!params->hash)
return -EINVAL;
len = strlen(params->hash);
if (!len || len > (LUKS2_CHECKSUM_ALG_L - 1))
return -EINVAL;
if (crypt_hash_size(params->hash) <= 0)
@@ -2780,12 +2785,13 @@ static int reencrypt_load_by_passphrase(struct crypt_device *cd,
log_dbg(cd, "Loading LUKS2 reencryption context.");
if (params) {
required_size = params->device_size;
max_hotzone_size = params->max_hotzone_size;
r = reencrypt_verify_resilience_params(cd, params);
if (r < 0)
return r;
if (params) {
required_size = params->device_size;
max_hotzone_size = params->max_hotzone_size;
}
rh = crypt_get_luks2_reencrypt(cd);