eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix keyslot JSON validation.

Browse Source 
If keyslot JSON is corrupted (kdf,af,area objects),
validate function can crash.

Fix it by always using JSON type check.

Fixes: #731
This commit is contained in:
Milan Broz
2022-04-12 23:02:49 +02:00
parent dbd4dc1dc0
commit e89071e73f
1 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
lib/luks2/luks2_keyslot_luks2.c
View File

@@ -673,9 +673,9 @@ static int luks2_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
if (!jobj_keyslot)
return -EINVAL;
if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) ||
!json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) ||
!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
if (!(jobj_kdf = json_contains(cd, jobj_keyslot, "", "keyslot", "kdf", json_type_object)) ||
!(jobj_af = json_contains(cd, jobj_keyslot, "", "keyslot", "af", json_type_object)) ||
!(jobj_area = json_contains(cd, jobj_keyslot, "", "keyslot", "area", json_type_object)))
return -EINVAL;
count = json_object_object_length(jobj_kdf);
@@ -700,9 +700,12 @@ static int luks2_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
return -EINVAL;
}
if (!json_object_object_get_ex(jobj_af, "type", &jobj1))
jobj1 = json_contains(cd, jobj_af, "", "af section", "type", json_type_string);
if (!jobj1)
return -EINVAL;
if (!strcmp(json_object_get_string(jobj1), "luks1")) {
type = json_object_get_string(jobj1);
if (!strcmp(type, "luks1")) {
if (!json_contains(cd, jobj_af, "", "luks1 af", "hash", json_type_string) ||
!json_contains(cd, jobj_af, "", "luks1 af", "stripes", json_type_int))
return -EINVAL;
@@ -710,9 +713,12 @@ static int luks2_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
return -EINVAL;
// FIXME check numbered
if (!json_object_object_get_ex(jobj_area, "type", &jobj1))
jobj1 = json_contains(cd, jobj_area, "", "area section", "type", json_type_string);
if (!jobj1)
return -EINVAL;
if (!strcmp(json_object_get_string(jobj1), "raw")) {
type = json_object_get_string(jobj1);
if (!strcmp(type, "raw")) {
if (!json_contains(cd, jobj_area, "area", "raw type", "encryption", json_type_string) ||
!json_contains(cd, jobj_area, "area", "raw type", "key_size", json_type_int) ||
!json_contains(cd, jobj_area, "area", "raw type", "offset", json_type_string) ||