diff options
author | Daniel P. Berrangé <berrange@redhat.com> | 2022-09-05 13:50:03 +0100 |
---|---|---|
committer | Daniel P. Berrangé <berrange@redhat.com> | 2022-10-27 12:55:27 +0100 |
commit | d233fbc327d3f1f03bc30e0486b9ade3aa23f9ec (patch) | |
tree | 9c53221037e0f325e26bfce8abeeaa11d4feb420 /crypto | |
parent | 93569c373027c5c46e518e01c0c3e2d07fbb6890 (diff) | |
download | qemu-d233fbc327d3f1f03bc30e0486b9ade3aa23f9ec.zip qemu-d233fbc327d3f1f03bc30e0486b9ade3aa23f9ec.tar.gz qemu-d233fbc327d3f1f03bc30e0486b9ade3aa23f9ec.tar.bz2 |
crypto: validate that LUKS payload doesn't overlap with header
We already validate that LUKS keyslots don't overlap with the
header, or with each other. This closes the remaining hole in
validation of LUKS file regions.
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/block-luks.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 6ef9a89..f22bc63 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -572,6 +572,13 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp) return -1; } + if (luks->header.payload_offset_sector < + DIV_ROUND_UP(QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET, + QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) { + error_setg(errp, "LUKS payload is overlapping with the header"); + return -1; + } + /* Check all keyslots for corruption */ for (i = 0 ; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS ; i++) { |