Disallow explicit small payload offset for detached header.

author Milan Broz <gmazyland@gmail.com>

Sat, 11 May 2013 08:59:02 +0000 (10:59 +0200)

committer Milan Broz <gmazyland@gmail.com>

Sat, 11 May 2013 08:59:02 +0000 (10:59 +0200)
author Milan Broz <gmazyland@gmail.com>
Sat, 11 May 2013 08:59:02 +0000 (10:59 +0200)
committer Milan Broz <gmazyland@gmail.com>
Sat, 11 May 2013 08:59:02 +0000 (10:59 +0200)
diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c

index d51b3a58a31532f4e293e7a18deab73db673e06a..c1e24bdf640d191802eef114f15742d55fa41ab1 100644 (file)
--- a/lib/luks1/keymanage.c
+++ b/lib/luks1/keymanage.c
@@ -605,7 +605,7 @@ int LUKS_generate_phdr(struct luks_phdr *header,
                        int detached_metadata_device,
                        struct crypt_device *ctx)
  {
-       unsigned int i=0;
+       unsigned int i = 0, hdr_sectors = LUKS_device_sectors(vk->keylength);
         size_t blocksPerStripeSet, currentSector;
         int r;
         uuid_t partitionUuid;
@@ -615,6 +615,13 @@ int LUKS_generate_phdr(struct luks_phdr *header,
         if (alignPayload == 0 && !detached_metadata_device)
                 alignPayload = DEFAULT_DISK_ALIGNMENT / SECTOR_SIZE;
  
+       if (alignPayload && detached_metadata_device && alignPayload < hdr_sectors) {
+               log_err(ctx, _("Data offset for detached LUKS header must be "
+                              "either 0 or higher than header size (%d sectors).\n"),
+                              hdr_sectors);
+               return -EINVAL;
+       }
+
         if (crypt_hmac_size(hashSpec) < LUKS_DIGESTSIZE) {
                 log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hashSpec);
                 return -EINVAL;
diff --git a/tests/compat-test b/tests/compat-test

index 36e186c1e85e5edf0bc9d9bb6e0fb9674ec883ef..ab3ade5dcc3153a7fc0144c1c92bb71736ef5f4e 100755 (executable)
--- a/tests/compat-test
+++ b/tests/compat-test
@@ -527,6 +527,8 @@ $CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME && fail
  prepare "[28] Detached LUKS header" wipe
  dd if=/dev/zero of=$HEADER_IMG bs=1M count=4 >/dev/null 2>&1
  echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG || fail
+echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail
+echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail
  echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail
  echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
  $CRYPTSETUP -q resize  $DEV_NAME --size 100 --header $HEADER_IMG || fail
author	Milan Broz <gmazyland@gmail.com>
	Sat, 11 May 2013 08:59:02 +0000 (10:59 +0200)
committer	Milan Broz <gmazyland@gmail.com>
	Sat, 11 May 2013 08:59:02 +0000 (10:59 +0200)
lib/luks1/keymanage.c		patch \| blob \| history
tests/compat-test		patch \| blob \| history