eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-08 17:30:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix potential null pointer dereference.

Browse Source 
Signed-off-by: wangzhiqiang <wangzhiqiang95@huawei.com>
This commit is contained in:
wangzhiqiang
2023-02-10 15:02:23 +08:00
parent 4fc619853d
commit ec0efe7068
10 changed files with 110 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/luks2/luks2_digest_pbkdf2.c
View File

@@ -147,6 +147,9 @@ static int PBKDF2_digest_store(struct crypt_device *cd,
json_object_object_get_ex(hdr->jobj, "digests", &jobj_digests); json_object_object_get_ex(hdr->jobj, "digests", &jobj_digests);
} }
if (!jobj_digest)
return -ENOMEM;
json_object_object_add(jobj_digest, "type", json_object_new_string("pbkdf2")); json_object_object_add(jobj_digest, "type", json_object_new_string("pbkdf2"));
json_object_object_add(jobj_digest, "keyslots", json_object_new_array()); json_object_object_add(jobj_digest, "keyslots", json_object_new_array());
json_object_object_add(jobj_digest, "segments", json_object_new_array()); json_object_object_add(jobj_digest, "segments", json_object_new_array());

38
lib/luks2/luks2_json_format.c
View File

@@ -299,29 +299,59 @@ int LUKS2_generate_hdr(
return -EINVAL; return -EINVAL;
hdr->jobj = json_object_new_object(); hdr->jobj = json_object_new_object();
if (!hdr->jobj) {
r = -ENOMEM;
goto err;
}
jobj_keyslots = json_object_new_object(); jobj_keyslots = json_object_new_object();
if (!jobj_keyslots) {
r = -ENOMEM;
goto err;
}
json_object_object_add(hdr->jobj, "keyslots", jobj_keyslots); json_object_object_add(hdr->jobj, "keyslots", jobj_keyslots);
json_object_object_add(hdr->jobj, "tokens", json_object_new_object()); json_object_object_add(hdr->jobj, "tokens", json_object_new_object());
jobj_segments = json_object_new_object(); jobj_segments = json_object_new_object();
if (!jobj_segments) {
r = -ENOMEM;
goto err;
}
json_object_object_add(hdr->jobj, "segments", jobj_segments); json_object_object_add(hdr->jobj, "segments", jobj_segments);
json_object_object_add(hdr->jobj, "digests", json_object_new_object()); json_object_object_add(hdr->jobj, "digests", json_object_new_object());
jobj_config = json_object_new_object(); jobj_config = json_object_new_object();
if (!jobj_config) {
r = -ENOMEM;
goto err;
}
json_object_object_add(hdr->jobj, "config", jobj_config); json_object_object_add(hdr->jobj, "config", jobj_config);
digest = LUKS2_digest_create(cd, "pbkdf2", hdr, vk); digest = LUKS2_digest_create(cd, "pbkdf2", hdr, vk);
if (digest < 0) if (digest < 0) {
r = -EINVAL;
goto err; goto err;
}
if (LUKS2_digest_segment_assign(cd, hdr, 0, digest, 1, 0) < 0) if (LUKS2_digest_segment_assign(cd, hdr, 0, digest, 1, 0) < 0) {
r = -EINVAL;
goto err; goto err;
}
jobj_segment = json_segment_create_crypt(data_offset, 0, NULL, cipher, sector_size, 0); jobj_segment = json_segment_create_crypt(data_offset, 0, NULL, cipher, sector_size, 0);
if (!jobj_segment) if (!jobj_segment) {
r = -EINVAL;
goto err; goto err;
}
if (integrity) { if (integrity) {
jobj_integrity = json_object_new_object(); jobj_integrity = json_object_new_object();
if (!jobj_integrity) {
r = -ENOMEM;
goto err;
}
json_object_object_add(jobj_integrity, "type", json_object_new_string(integrity)); json_object_object_add(jobj_integrity, "type", json_object_new_string(integrity));
json_object_object_add(jobj_integrity, "journal_encryption", json_object_new_string("none")); json_object_object_add(jobj_integrity, "journal_encryption", json_object_new_string("none"));
json_object_object_add(jobj_integrity, "journal_integrity", json_object_new_string("none")); json_object_object_add(jobj_integrity, "journal_integrity", json_object_new_string("none"));
@@ -338,7 +368,7 @@ int LUKS2_generate_hdr(
err: err:
json_object_put(hdr->jobj); json_object_put(hdr->jobj);
hdr->jobj = NULL; hdr->jobj = NULL;
return -EINVAL; return r;
} }
int LUKS2_wipe_header_areas(struct crypt_device *cd, int LUKS2_wipe_header_areas(struct crypt_device *cd,

8
lib/luks2/luks2_json_metadata.c
View File

@@ -88,6 +88,9 @@ struct json_object *LUKS2_array_remove(struct json_object *array, const char *nu
/* Create new array without jobj_removing. */ /* Create new array without jobj_removing. */
array_new = json_object_new_array(); array_new = json_object_new_array();
if (!array_new)
return NULL;
for (i = 0; i < (int) json_object_array_length(array); i++) { for (i = 0; i < (int) json_object_array_length(array); i++) {
jobj1 = json_object_array_get_idx(array, i); jobj1 = json_object_array_get_idx(array, i);
if (jobj1 != jobj_removing) if (jobj1 != jobj_removing)
@@ -478,6 +481,9 @@ static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj
json = json_object_to_json_string_ext(hdr_jobj, json = json_object_to_json_string_ext(hdr_jobj,
JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE); JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
if (!json)
return 1;
json_area_size = crypt_jobj_get_uint64(jobj1); json_area_size = crypt_jobj_get_uint64(jobj1);
json_size = (uint64_t)strlen(json); json_size = (uint64_t)strlen(json);
@@ -1575,6 +1581,8 @@ int LUKS2_config_set_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint3
return 0; return 0;
jobj_flags = json_object_new_array(); jobj_flags = json_object_new_array();
if (!jobj_flags)
return -ENOMEM;
for (i = 0; persistent_flags[i].description; i++) { for (i = 0; persistent_flags[i].description; i++) {
if (flags & persistent_flags[i].flag) { if (flags & persistent_flags[i].flag) {

8
lib/luks2/luks2_keyslot.c
View File

@@ -803,6 +803,9 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
return -EINVAL; return -EINVAL;
jobj_keyslot = json_object_new_object(); jobj_keyslot = json_object_new_object();
if (!jobj_keyslot)
return -ENOMEM;
json_object_object_add(jobj_keyslot, "type", json_object_new_string("placeholder")); json_object_object_add(jobj_keyslot, "type", json_object_new_string("placeholder"));
/* /*
* key_size = -1 makes placeholder keyslot impossible to pass validation. * key_size = -1 makes placeholder keyslot impossible to pass validation.
@@ -813,6 +816,11 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
/* Area object */ /* Area object */
jobj_area = json_object_new_object(); jobj_area = json_object_new_object();
if (!jobj_area) {
json_object_put(jobj_keyslot);
return -ENOMEM;
}
json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset)); json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length)); json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
json_object_object_add(jobj_keyslot, "area", jobj_area); json_object_object_add(jobj_keyslot, "area", jobj_area);

18
lib/luks2/luks2_keyslot_luks2.c
View File

@@ -512,17 +512,32 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
} }
jobj_keyslot = json_object_new_object(); jobj_keyslot = json_object_new_object();
if (!jobj_keyslot) {
r = -ENOMEM;
goto err;
}
json_object_object_add(jobj_keyslot, "type", json_object_new_string("luks2")); json_object_object_add(jobj_keyslot, "type", json_object_new_string("luks2"));
json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(volume_key_len)); json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(volume_key_len));
/* AF object */ /* AF object */
jobj_af = json_object_new_object(); jobj_af = json_object_new_object();
if (!jobj_af) {
r = -ENOMEM;
goto err;
}
json_object_object_add(jobj_af, "type", json_object_new_string("luks1")); json_object_object_add(jobj_af, "type", json_object_new_string("luks1"));
json_object_object_add(jobj_af, "stripes", json_object_new_int(params->af.luks1.stripes)); json_object_object_add(jobj_af, "stripes", json_object_new_int(params->af.luks1.stripes));
json_object_object_add(jobj_keyslot, "af", jobj_af); json_object_object_add(jobj_keyslot, "af", jobj_af);
/* Area object */ /* Area object */
jobj_area = json_object_new_object(); jobj_area = json_object_new_object();
if (!jobj_area) {
r = -ENOMEM;
goto err;
}
json_object_object_add(jobj_area, "type", json_object_new_string("raw")); json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset)); json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length)); json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
@@ -541,6 +556,9 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
json_object_object_del_by_uint(jobj_keyslots, keyslot); json_object_object_del_by_uint(jobj_keyslots, keyslot);
return r; return r;
err:
json_object_put(jobj_keyslot);
return r;
} }
static int luks2_keyslot_open(struct crypt_device *cd, static int luks2_keyslot_open(struct crypt_device *cd,

23
lib/luks2/luks2_luks1_convert.c
View File

@@ -67,11 +67,21 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
int r; int r;
keyslot_obj = json_object_new_object(); keyslot_obj = json_object_new_object();
if (!keyslot_obj) {
r = -ENOMEM;
goto err;
}
json_object_object_add(keyslot_obj, "type", json_object_new_string("luks2")); json_object_object_add(keyslot_obj, "type", json_object_new_string("luks2"));
json_object_object_add(keyslot_obj, "key_size", json_object_new_int64(hdr_v1->keyBytes)); json_object_object_add(keyslot_obj, "key_size", json_object_new_int64(hdr_v1->keyBytes));
/* KDF */ /* KDF */
jobj_kdf = json_object_new_object(); jobj_kdf = json_object_new_object();
if (!jobj_kdf) {
r = -ENOMEM;
goto err;
}
json_object_object_add(jobj_kdf, "type", json_object_new_string(CRYPT_KDF_PBKDF2)); json_object_object_add(jobj_kdf, "type", json_object_new_string(CRYPT_KDF_PBKDF2));
json_object_object_add(jobj_kdf, "hash", json_object_new_string(hdr_v1->hashSpec)); json_object_object_add(jobj_kdf, "hash", json_object_new_string(hdr_v1->hashSpec));
json_object_object_add(jobj_kdf, "iterations", json_object_new_int64(hdr_v1->keyblock[keyslot].passwordIterations)); json_object_object_add(jobj_kdf, "iterations", json_object_new_int64(hdr_v1->keyblock[keyslot].passwordIterations));
@@ -89,6 +99,11 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
/* AF */ /* AF */
jobj_af = json_object_new_object(); jobj_af = json_object_new_object();
if (!jobj_af) {
r = -ENOMEM;
goto err;
}
json_object_object_add(jobj_af, "type", json_object_new_string("luks1")); json_object_object_add(jobj_af, "type", json_object_new_string("luks1"));
json_object_object_add(jobj_af, "hash", json_object_new_string(hdr_v1->hashSpec)); json_object_object_add(jobj_af, "hash", json_object_new_string(hdr_v1->hashSpec));
/* stripes field ignored, fixed to LUKS_STRIPES (4000) */ /* stripes field ignored, fixed to LUKS_STRIPES (4000) */
@@ -97,6 +112,11 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
/* Area */ /* Area */
jobj_area = json_object_new_object(); jobj_area = json_object_new_object();
if (!jobj_area) {
r = -ENOMEM;
goto err;
}
json_object_object_add(jobj_area, "type", json_object_new_string("raw")); json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
/* encryption algorithm field */ /* encryption algorithm field */
@@ -124,6 +144,9 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
*keyslot_object = keyslot_obj; *keyslot_object = keyslot_obj;
return 0; return 0;
err:
json_object_put(keyslot_obj);
return r;
} }
static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, struct json_object **keyslots_object) static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, struct json_object **keyslots_object)

3
src/cryptsetup.c
View File

@@ -3439,6 +3439,9 @@ int main(int argc, const char **argv)
textdomain(PACKAGE); textdomain(PACKAGE);
popt_context = poptGetContext(PACKAGE, argc, argv, popt_options, 0); popt_context = poptGetContext(PACKAGE, argc, argv, popt_options, 0);
if (!popt_context)
exit(EXIT_FAILURE);
poptSetOtherOptionHelp(popt_context, poptSetOtherOptionHelp(popt_context,
_("[OPTION...] <action> <action-specific>")); _("[OPTION...] <action> <action-specific>"));

3
src/integritysetup.c
View File

@@ -660,6 +660,9 @@ int main(int argc, const char **argv)
textdomain(PACKAGE); textdomain(PACKAGE);
popt_context = poptGetContext("integrity", argc, argv, popt_options, 0); popt_context = poptGetContext("integrity", argc, argv, popt_options, 0);
if (!popt_context)
exit(EXIT_FAILURE);
poptSetOtherOptionHelp(popt_context, poptSetOtherOptionHelp(popt_context,
_("[OPTION...] <action> <action-specific>")); _("[OPTION...] <action> <action-specific>"));

3
src/veritysetup.c
View File

@@ -599,6 +599,9 @@ int main(int argc, const char **argv)
textdomain(PACKAGE); textdomain(PACKAGE);
popt_context = poptGetContext("verity", argc, argv, popt_options, 0); popt_context = poptGetContext("verity", argc, argv, popt_options, 0);
if (!popt_context)
exit(EXIT_FAILURE);
poptSetOtherOptionHelp(popt_context, poptSetOtherOptionHelp(popt_context,
_("[OPTION...] <action> <action-specific>")); _("[OPTION...] <action> <action-specific>"));

8
tokens/ssh/cryptsetup-ssh.c
View File

@@ -80,13 +80,19 @@ static int token_add(
r = -EINVAL; r = -EINVAL;
jobj = json_object_new_object(); jobj = json_object_new_object();
if (!jobj) if (!jobj) {
r = -ENOMEM;
goto out; goto out;
}
/* type is mandatory field in all tokens and must match handler name member */ /* type is mandatory field in all tokens and must match handler name member */
json_object_object_add(jobj, "type", json_object_new_string(TOKEN_NAME)); json_object_object_add(jobj, "type", json_object_new_string(TOKEN_NAME));
jobj_keyslots = json_object_new_array(); jobj_keyslots = json_object_new_array();
if (!jobj_keyslots) {
r = -ENOMEM;
goto out;
}
/* mandatory array field (may be empty and assigned later */ /* mandatory array field (may be empty and assigned later */
json_object_object_add(jobj, "keyslots", jobj_keyslots); json_object_object_add(jobj, "keyslots", jobj_keyslots);