diff options
| author | Daniel P. Berrangé <berrange@redhat.com> | 2022-05-10 14:35:57 +0100 |
|---|---|---|
| committer | Daniel P. Berrangé <berrange@redhat.com> | 2022-10-27 12:55:27 +0100 |
| commit | 93569c373027c5c46e518e01c0c3e2d07fbb6890 (patch) | |
| tree | e9b30a5a1ef84932442eedfc666e65bb31639e9f /crypto/block-luks.c | |
| parent | f1195961f36b19ce9008dabf11ee8362803bcd92 (diff) | |
| download | qemu-93569c373027c5c46e518e01c0c3e2d07fbb6890.zip qemu-93569c373027c5c46e518e01c0c3e2d07fbb6890.tar.gz qemu-93569c373027c5c46e518e01c0c3e2d07fbb6890.tar.bz2 | |
crypto: enforce that key material doesn't overlap with LUKS header
We already check that key material doesn't overlap between key slots,
and that it doesn't overlap with the payload. We didn't check for
overlap with the LUKS header.
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'crypto/block-luks.c')
| -rw-r--r-- | crypto/block-luks.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 81744e2..6ef9a89 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -595,6 +595,14 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp) return -1; } + if (start1 < DIV_ROUND_UP(sizeof(QCryptoBlockLUKSHeader), + QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) { + error_setg(errp, + "Keyslot %zu is overlapping with the LUKS header", + i); + return -1; + } + if (start1 + len1 > luks->header.payload_offset_sector) { error_setg(errp, "Keyslot %zu is overlapping with the encrypted payload", |