diff options
| author | Daniel P. Berrangé <berrange@redhat.com> | 2022-09-05 13:57:01 +0100 |
|---|---|---|
| committer | Daniel P. Berrangé <berrange@redhat.com> | 2022-10-27 12:55:27 +0100 |
| commit | c5f6962801b868b02fbaf01861f64783470d3d2a (patch) | |
| tree | beb0d5e39cd6dfbc75df0f84305dac2409344511 | |
| parent | d233fbc327d3f1f03bc30e0486b9ade3aa23f9ec (diff) | |
| download | qemu-c5f6962801b868b02fbaf01861f64783470d3d2a.zip qemu-c5f6962801b868b02fbaf01861f64783470d3d2a.tar.gz qemu-c5f6962801b868b02fbaf01861f64783470d3d2a.tar.bz2 | |
crypto: strengthen the check for key slots overlapping with LUKS header
The LUKS header data on disk is a fixed size, however, there's expected
to be a gap between the end of the header and the first key slot to get
alignment with the 2nd sector on 4k drives. This wasn't originally part
of the LUKS spec, but was always part of the reference implementation,
so it is worth validating this.
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
| -rw-r--r-- | crypto/block-luks.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c index f22bc63..e6ee850 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -602,7 +602,7 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp) return -1; } - if (start1 < DIV_ROUND_UP(sizeof(QCryptoBlockLUKSHeader), + if (start1 < DIV_ROUND_UP(QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) { error_setg(errp, "Keyslot %zu is overlapping with the LUKS header", |