static int diffuse(char *src, char *dst, size_t size, const char *hash_name)
{
- unsigned int digest_size = crypt_hash_size(hash_name);
+ int hash_size = crypt_hash_size(hash_name);
+ unsigned int digest_size;
unsigned int i, blocks, padding;
+ if (hash_size <= 0)
+ return 1;
+ digest_size = hash_size;
+
blocks = size / digest_size;
padding = size % digest_size;
r = crypt_random_get(ctx, hdr->keyblock[keyIndex].passwordSalt,
LUKS_SALTSIZE, CRYPT_RND_SALT);
if (r < 0)
- return r;
+ goto out;
r = PBKDF2_HMAC(hdr->hashSpec, password,passwordLen,
hdr->keyblock[keyIndex].passwordSalt,LUKS_SALTSIZE,
assert(vk->keylength == hdr->keyBytes);
AFEKSize = AF_split_sectors(vk->keylength, hdr->keyblock[keyIndex].stripes) * SECTOR_SIZE;
AfKey = crypt_safe_alloc(AFEKSize);
- if (!AfKey)
- return -ENOMEM;
+ if (!AfKey) {
+ r = -ENOMEM;
+ goto out;
+ }
r = PBKDF2_HMAC(hdr->hashSpec, password,passwordLen,
hdr->keyblock[keyIndex].passwordSalt,LUKS_SALTSIZE,
if (r < 0)
return r;
- if (params->flags & CRYPT_VERITY_NO_HEADER)
+ if (params && params->flags & CRYPT_VERITY_NO_HEADER)
return -EINVAL;
if (params)
return -ENOMEM;
cd->verity_hdr.flags = params->flags;
- cd->verity_hdr.hash_name = strdup(params->hash_name);
+ if (!(cd->verity_hdr.hash_name = strdup(params->hash_name)))
+ return -ENOMEM;
cd->verity_hdr.data_device = NULL;
cd->verity_hdr.data_block_size = params->data_block_size;
cd->verity_hdr.hash_block_size = params->hash_block_size;
cd->verity_hdr.hash_type = params->hash_type;
cd->verity_hdr.flags = params->flags;
cd->verity_hdr.salt_size = params->salt_size;
- cd->verity_hdr.salt = malloc(params->salt_size);
+ if (!(cd->verity_hdr.salt = malloc(params->salt_size)))
+ return -ENOMEM;
+
if (params->salt)
memcpy(CONST_CAST(char*)cd->verity_hdr.salt, params->salt,
params->salt_size);
log_dbg("Suspending volume %s.", name);
- if (!isLUKS(cd->type)) {
+ if (!cd || !isLUKS(cd->type)) {
log_err(cd, _("This operation is supported only for LUKS device.\n"));
r = -EINVAL;
goto out;
return -EINVAL;
}
- if (!cd)
- dm_backend_init();
+ dm_backend_init();
r = dm_status_suspended(cd, name);
if (r < 0)
else if (r)
log_err(cd, "Error during suspending device %s.\n", name);
out:
- if (!cd)
- dm_backend_exit();
+ dm_backend_exit();
return r;
}
alloc->size = size;
memset(&alloc->data, 0, size);
+ /* coverity[leaked_storage] */
return &alloc->data;
}
break;
case 't':
case 'T': mult *= mult_base;
+ /* Fall through */
case 'g':
case 'G': mult *= mult_base;
+ /* Fall through */
case 'm':
case 'M': mult *= mult_base;
+ /* Fall through */
case 'k':
case 'K': mult *= mult_base;
break;
if (snprintf(path, sizeof(path), "/sys/dev/block/%s", dev_id) < 0)
return NULL;
- len = readlink(path, link, sizeof(link));
+ len = readlink(path, link, sizeof(link) - 1);
if (len < 0) {
/* Without /sys use old scan */
if (stat("/sys/dev/block", &st) < 0)
s = data_file_blocks >> (i * hash_per_block_bits);
s = (s + hash_per_block - 1) / hash_per_block;
hash_level_size[i] = s;
- if (hash_position + s < hash_position ||
- (hash_position + s) < 0 ||
- (hash_position + s) != hash_position + s) {
+ if ((hash_position + s) < hash_position ||
+ (hash_position + s) < 0) {
log_err(cd, _("Device offset overflow.\n"));
return -EINVAL;
}
static const char **action_argv;
static int action_argc;
+static const char *null_action_argv[] = {NULL, NULL};
static int action_create(int arg);
static int action_remove(int arg);
struct action_type *action;
const char *aname;
int r;
- const char *null_action_argv[] = {NULL};
crypt_set_log_callback(NULL, tool_log, NULL);
s = read(devfd, buf, SECTOR_SIZE);
if (s < 0 || s != SECTOR_SIZE) {
log_err(_("Cannot read device %s.\n"), rc->device);
- close(devfd);
- return -EIO;
+ r = -EIO;
+ goto out;
}
/* Be sure that we do not process new version of header */
1, rc->device_uuid, rc->reencrypt_direction,
rc->device_offset, rc->device_shift);
- lseek(rc->log_fd, 0, SEEK_SET);
+ if (lseek(rc->log_fd, 0, SEEK_SET) == -1)
+ return -EIO;
+
r = write(rc->log_fd, rc->log_buf, SECTOR_SIZE);
if (r < 0 || r != SECTOR_SIZE) {
log_err(_("Cannot write reencryption log file.\n"));