Fix passphrase pool overflow for TCRYPT device id passphrase > pool size.

TCRYPT format limits passphrase length to max. 64 characters so simply error in this case.

diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
index b446531..2a1ca06 100644 (file)
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -393,7 +393,7 @@ struct crypt_params_verity {
  */
 struct crypt_params_tcrypt {
        const char *passphrase;    /**< passphrase to unlock header (input only) */
-       size_t passphrase_size;    /**< passphrase size (input only) */
+       size_t passphrase_size;    /**< passphrase size (input only, max length is 64) */
        const char **keyfiles;     /**< keyfile paths to unlock header (input only) */
        unsigned int keyfiles_count;/**< keyfiles count (input only) */
        const char *hash_name;     /**< hash function for PBKDF */

diff --git a/lib/tcrypt/tcrypt.c b/lib/tcrypt/tcrypt.c
index 239d3c7..6c0f782 100644 (file)
--- a/lib/tcrypt/tcrypt.c
+++ b/lib/tcrypt/tcrypt.c
@@ -485,6 +485,12 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
        else
                passphrase_size = params->passphrase_size;
 
+       if (params->passphrase_size > TCRYPT_KEY_POOL_LEN) {
+               log_err(cd, _("Maximum TCRYPT passphrase length (%d) exceeded.\n"),
+                             TCRYPT_KEY_POOL_LEN);
+               return -EINVAL;
+       }
+
        /* Calculate pool content from keyfiles */
        for (i = 0; i < params->keyfiles_count; i++) {
                r = TCRYPT_pool_keyfile(cd, pwd, params->keyfiles[i]);