Because there are already 3 targets used, the current detection
based only on dm-crypt is not sufficient.
Add new definition of dm_flags that allows separate target version detect.
Note: we do not want to load targets explicitly; instead, we repeats
detection after operation that could trigger target load.
If dm_flags() call fails, then the target is not yet loaded.
It is possible to trigger a double free with an invalid verity
partition. All it takes is an unknown hash algorithm, which makes it
a bit more likely than a completely broken partition header. But all
it takes is an error return value of VERITY_read_sb() or strdup().
If crypt_load fails before setting cd->type, crypt_free will handle
the union as if it was of type "none", which means it will call free()
for "active_name", a field which is only properly set up when the
type was actually "none".
In all other cases, "active_name" contains the first 4 or 8 bytes of
the actually used header structure. Fortunately it can be only a
pointer or NULL, so an attacker has no direct control of the value.
Nonetheless it can easily trigger a double free.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
alter all checks for devfd value after device_open to
less than zero insted of equals to -1. device_open will
return values different from -1 in case error happens.
In LUKSv1 device_open should always return -1 in case of
error but this check is safer.
The rest is just formating improvement.
- ensure that strings are \0 terminated (most of this is already
handled on higher level anyway)
- fix resource leak in error path in tcrypt.c
- fix time of check/time of use race in sysfs path processing
- insruct Coverity scanner to ignore constant expression in random.c
(it is intented to stop compile-time misconfiguration of RNG that would be fatal)
This includes crypto, loopaes, tcrypt handling code I have written myself
and verity code written originally by Mikulas Patocka and modified by me,
copyright by Red Hat.
Other part of library have to stay GPLv2+ only for now
(no agreement from all authors).
Allocate loop device late (only when real block device needed).
Rework underlying device/file access functions.
Move all device (and ioctl) access to utils_device.c.
Allows using file where appropriate without allocation loop device.
