Disallow explicit small payload offset for detached header.

[platform/upstream/cryptsetup.git] / lib / luks1 / keymanage.c

diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c
index d51b3a5..c1e24bd 100644 (file)
--- a/lib/luks1/keymanage.c
+++ b/lib/luks1/keymanage.c
@@ -605,7 +605,7 @@ int LUKS_generate_phdr(struct luks_phdr *header,
                       int detached_metadata_device,
                       struct crypt_device *ctx)
 {
-       unsigned int i=0;
+       unsigned int i = 0, hdr_sectors = LUKS_device_sectors(vk->keylength);
        size_t blocksPerStripeSet, currentSector;
        int r;
        uuid_t partitionUuid;
@@ -615,6 +615,13 @@ int LUKS_generate_phdr(struct luks_phdr *header,
        if (alignPayload == 0 && !detached_metadata_device)
                alignPayload = DEFAULT_DISK_ALIGNMENT / SECTOR_SIZE;
 
+       if (alignPayload && detached_metadata_device && alignPayload < hdr_sectors) {
+               log_err(ctx, _("Data offset for detached LUKS header must be "
+                              "either 0 or higher than header size (%d sectors).\n"),
+                              hdr_sectors);
+               return -EINVAL;
+       }
+
        if (crypt_hmac_size(hashSpec) < LUKS_DIGESTSIZE) {
                log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hashSpec);
                return -EINVAL;