Fix hash limiting if parameter is not a number.

If hash lenght specification was not a number, the whole key was set to zero instead of command failure. Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1028362
2025-12-05 16:00:05 +01:00 · 2013-11-10 19:06:15 +01:00
parent 5736b0a114
commit db56125708
2 changed files with 21 additions and 3 deletions
--- a/lib/crypt_plain.c
+++ b/lib/crypt_plain.c
@@ -21,7 +21,7 @@
 */

 #include <string.h>
-#include <stdlib.h>
+#include <stdio.h>
 #include <errno.h>

 #include "libcryptsetup.h"
@@ -83,7 +83,11 @@ int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)),
 	/* hash[:hash_length] */
 	if ((s = strchr(hash_name_buf, ':'))) {
 		*s = '\0';
-		hash_size = atoi(++s);
+		s++;
+		if (!*s || sscanf(s, "%zd", &hash_size) != 1) {
+			log_dbg("Hash length is not a number");
+			return -EINVAL;
+		}
 		if (hash_size > key_size) {
 			log_dbg("Hash length %zd > key length %zd",
 				hash_size, key_size);