diff options
author | Daniel P. Berrangé <berrange@redhat.com> | 2022-05-10 14:17:43 +0100 |
---|---|---|
committer | Daniel P. Berrangé <berrange@redhat.com> | 2022-10-27 12:55:27 +0100 |
commit | c1d8634c207defb547a57515729233e47f65718f (patch) | |
tree | a4f556b2db9b25aa876687d2d4aaab5fbc72cff2 | |
parent | f1018ea0a30f577d1e3515d0a6362e362a0cb86f (diff) | |
download | qemu-c1d8634c207defb547a57515729233e47f65718f.zip qemu-c1d8634c207defb547a57515729233e47f65718f.tar.gz qemu-c1d8634c207defb547a57515729233e47f65718f.tar.bz2 |
crypto: sanity check that LUKS header strings are NUL-terminated
The LUKS spec requires that header strings are NUL-terminated, and our
code relies on that. Protect against maliciously crafted headers by
adding validation.
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-rw-r--r-- | crypto/block-luks.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c index f62be68..27d1b34 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -554,6 +554,24 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp) return -1; } + if (!memchr(luks->header.cipher_name, '\0', + sizeof(luks->header.cipher_name))) { + error_setg(errp, "LUKS header cipher name is not NUL terminated"); + return -1; + } + + if (!memchr(luks->header.cipher_mode, '\0', + sizeof(luks->header.cipher_mode))) { + error_setg(errp, "LUKS header cipher mode is not NUL terminated"); + return -1; + } + + if (!memchr(luks->header.hash_spec, '\0', + sizeof(luks->header.hash_spec))) { + error_setg(errp, "LUKS header hash spec is not NUL terminated"); + return -1; + } + /* Check all keyslots for corruption */ for (i = 0 ; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS ; i++) { |