powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1085 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: 97c0362277
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '97c0362277'
${ noResults }
base/SOURCES/cryptsetup-2.0.6-check-json...

139 lines
4.8 KiB
Raw Blame History

diff -rupN cryptsetup-2.0.3.old/lib/luks2/luks2_disk_metadata.c cryptsetup-2.0.3/lib/luks2/luks2_disk_metadata.c
--- cryptsetup-2.0.3.old/lib/luks2/luks2_disk_metadata.c 2019-03-27 21:06:52.048172644 +0100
+++ cryptsetup-2.0.3/lib/luks2/luks2_disk_metadata.c 2019-03-27 21:07:12.068978543 +0100
@@ -204,6 +204,12 @@ static int hdr_disk_sanity_check_pre(str
return -EINVAL;
}
+ if (secondary && (offset != be64_to_cpu(hdr->hdr_size))) {
+ log_dbg("LUKS2 offset 0x%04x in secondary header doesn't match size 0x%04x.",
+ (unsigned)offset, (unsigned)be64_to_cpu(hdr->hdr_size));
+ return -EINVAL;
+ }
+
/* FIXME: sanity check checksum alg. */
log_dbg("LUKS2 header version %u of size %u bytes, checksum %s.",
@@ -476,7 +482,7 @@ static int validate_json_area(const char
return 0;
}
-static int validate_luks2_json_object(json_object *jobj_hdr)
+static int validate_luks2_json_object(json_object *jobj_hdr, uint64_t length)
{
int r;
@@ -487,14 +493,14 @@ static int validate_luks2_json_object(js
return r;
}
- r = LUKS2_hdr_validate(jobj_hdr);
+ r = LUKS2_hdr_validate(jobj_hdr, length);
if (r) {
log_dbg("Repairing JSON metadata.");
/* try to correct known glitches */
LUKS2_hdr_repair(jobj_hdr);
/* run validation again */
- r = LUKS2_hdr_validate(jobj_hdr);
+ r = LUKS2_hdr_validate(jobj_hdr, length);
}
if (r)
@@ -516,7 +522,7 @@ static json_object *parse_and_validate_j
r = validate_json_area(json_area, offset, length);
if (!r)
- r = validate_luks2_json_object(jobj);
+ r = validate_luks2_json_object(jobj, length);
if (r) {
json_object_put(jobj);
diff -rupN cryptsetup-2.0.3.old/lib/luks2/luks2_internal.h cryptsetup-2.0.3/lib/luks2/luks2_internal.h
--- cryptsetup-2.0.3.old/lib/luks2/luks2_internal.h 2019-03-27 21:06:52.048172644 +0100
+++ cryptsetup-2.0.3/lib/luks2/luks2_internal.h 2019-03-27 21:07:12.070978524 +0100
@@ -73,7 +73,7 @@ void JSON_DBG(json_object *jobj, const c
json_object *json_contains(json_object *jobj, const char *name, const char *section,
const char *key, json_type type);
-int LUKS2_hdr_validate(json_object *hdr_jobj);
+int LUKS2_hdr_validate(json_object *hdr_jobj, uint64_t length);
int LUKS2_keyslot_validate(json_object *hdr_jobj, json_object *hdr_keyslot, const char *key);
int LUKS2_check_json_size(const struct luks2_hdr *hdr);
int LUKS2_token_validate(json_object *hdr_jobj, json_object *jobj_token, const char *key);
diff -rupN cryptsetup-2.0.3.old/lib/luks2/luks2_json_metadata.c cryptsetup-2.0.3/lib/luks2/luks2_json_metadata.c
--- cryptsetup-2.0.3.old/lib/luks2/luks2_json_metadata.c 2019-03-27 21:06:52.049172634 +0100
+++ cryptsetup-2.0.3/lib/luks2/luks2_json_metadata.c 2019-03-27 21:07:44.937659885 +0100
@@ -446,7 +446,7 @@ int LUKS2_token_validate(json_object *hd
return 0;
}
-static int hdr_validate_json_size(json_object *hdr_jobj)
+static int hdr_validate_json_size(json_object *hdr_jobj, uint64_t hdr_json_size)
{
json_object *jobj, *jobj1;
const char *json;
@@ -460,12 +460,22 @@ static int hdr_validate_json_size(json_o
json_area_size = json_object_get_uint64(jobj1);
json_size = (uint64_t)strlen(json);
- return json_size > json_area_size ? 1 : 0;
+ if (hdr_json_size != json_area_size) {
+ log_dbg("JSON area size doesn't match value in binary header.");
+ return 1;
+ }
+
+ if (json_size > json_area_size) {
+ log_dbg("JSON doesn't fit in the designated area.");
+ return 1;
+ }
+
+ return 0;
}
int LUKS2_check_json_size(const struct luks2_hdr *hdr)
{
- return hdr_validate_json_size(hdr->jobj);
+ return hdr_validate_json_size(hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN);
}
static int hdr_validate_keyslots(json_object *hdr_jobj)
@@ -830,7 +840,7 @@ static int hdr_validate_config(json_obje
return 0;
}
-int LUKS2_hdr_validate(json_object *hdr_jobj)
+int LUKS2_hdr_validate(json_object *hdr_jobj, uint64_t json_size)
{
struct {
int (*validate)(json_object *);
@@ -852,10 +862,8 @@ int LUKS2_hdr_validate(json_object *hdr_
if (checks[i].validate && checks[i].validate(hdr_jobj))
return 1;
- if (hdr_validate_json_size(hdr_jobj)) {
- log_dbg("Json header is too large.");
+ if (hdr_validate_json_size(hdr_jobj, json_size))
return 1;
- }
/* validate keyslot implementations */
if (LUKS2_keyslots_validate(hdr_jobj))
@@ -903,7 +911,7 @@ int LUKS2_hdr_write(struct crypt_device
/* erase unused digests (no assigned keyslot or segment) */
LUKS2_digests_erase_unused(cd, hdr);
- if (LUKS2_hdr_validate(hdr->jobj))
+ if (LUKS2_hdr_validate(hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN))
return -EINVAL;
return LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd));
@@ -1650,7 +1658,7 @@ const char *LUKS2_get_cipher(struct luks
return NULL;
if (!json_object_object_get_ex(jobj2, "encryption", &jobj3))
- return NULL;
+ return "null";
return json_object_get_string(jobj3);
}