From 9e0bcedbaa1ffd419f3131bf2ec691d3a3fefe51 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina
Date: Fri, 29 Nov 2024 14:26:15 +0100
Subject: [PATCH] Harden LUKS2 volume key compare helper.
---
 lib/setup.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/lib/setup.c b/lib/setup.c
index 1cacbacf..9ed92490 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -3215,10 +3215,15 @@ static int _compare_volume_keys_luks2(struct volume_key *svk, struct volume_key
 if (crypt_volume_key_length(svk) != crypt_volume_key_length(tvk))
 return 1;

- if (crypt_volume_key_is_set(svk) && crypt_volume_key_is_set(tvk))
- return crypt_backend_memeq(crypt_volume_key_get_key(svk),
- crypt_volume_key_get_key(tvk),
- crypt_volume_key_length(svk));
+ if ((!crypt_volume_key_is_set(svk) && !crypt_volume_key_description(svk)) ||
+ (!crypt_volume_key_is_set(tvk) && !crypt_volume_key_description(tvk)))
+ return 1;
+
+ if (crypt_volume_key_is_set(svk) && crypt_volume_key_is_set(tvk) &&
+ crypt_backend_memeq(crypt_volume_key_get_key(svk),
+ crypt_volume_key_get_key(tvk),
+ crypt_volume_key_length(svk)))
+ return 1;

 if (crypt_volume_key_description(svk) && crypt_volume_key_description(tvk))
 return (crypt_volume_key_kernel_key_type(svk) != crypt_volume_key_kernel_key_type(tvk) ||
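Review bot: A pair in which one key holds only key bytes and the other holds only a keyring description passes every check in this hunk without anything being compared: the first added test accepts each key because it has one of the two, the `crypt_backend_memeq` test requires both to be set, and the description test requires both descriptions. The verdict for that pair then comes from whatever follows the hunk, which is not visible here; if that is a plain `return 0`, two keys with no common representation are reported as matching. Consider failing closed before the description test, e.g. `if (!(crypt_volume_key_is_set(svk) && crypt_volume_key_is_set(tvk)) && !(crypt_volume_key_description(svk) && crypt_volume_key_description(tvk))) return 1;`, or add a comment stating why the mixed case is acceptable to callers. A short header comment such as `/* returns 0 when the keys match, non-zero otherwise; crypt_backend_memeq() is non-zero on mismatch */` would also help, since the helper's name reads as the opposite convention. The function body starts before the hunk and its final return statement continues past it.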