From e600024908219af09819d1a6549cad2b6813a8f0 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Thu, 14 Feb 2013 14:37:50 +0100 Subject: [PATCH] Fix passphrase pool overflow for TCRYPT device id passphrase > pool size. TCRYPT format limits passphrase length to max. 64 characters so simply error in this case. --- lib/libcryptsetup.h | 2 +- lib/tcrypt/tcrypt.c | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h index b446531..2a1ca06 100644 --- a/lib/libcryptsetup.h +++ b/lib/libcryptsetup.h @@ -393,7 +393,7 @@ struct crypt_params_verity { */ struct crypt_params_tcrypt { const char *passphrase; /**< passphrase to unlock header (input only) */ - size_t passphrase_size; /**< passphrase size (input only) */ + size_t passphrase_size; /**< passphrase size (input only, max length is 64) */ const char **keyfiles; /**< keyfile paths to unlock header (input only) */ unsigned int keyfiles_count;/**< keyfiles count (input only) */ const char *hash_name; /**< hash function for PBKDF */ diff --git a/lib/tcrypt/tcrypt.c b/lib/tcrypt/tcrypt.c index 239d3c7..6c0f782 100644 --- a/lib/tcrypt/tcrypt.c +++ b/lib/tcrypt/tcrypt.c @@ -485,6 +485,12 @@ static int TCRYPT_init_hdr(struct crypt_device *cd, else passphrase_size = params->passphrase_size; + if (params->passphrase_size > TCRYPT_KEY_POOL_LEN) { + log_err(cd, _("Maximum TCRYPT passphrase length (%d) exceeded.\n"), + TCRYPT_KEY_POOL_LEN); + return -EINVAL; + } + /* Calculate pool content from keyfiles */ for (i = 0; i < params->keyfiles_count; i++) { r = TCRYPT_pool_keyfile(cd, pwd, params->keyfiles[i]); -- 2.7.4