shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-06 08:26:52 +03:00
Code

cryptsetup-pkcs11: refuse keys above 16MiB size

Browse Source
This commit is contained in:
Lennart Poettering 2019-12-17 18:39:53 +01:00
parent 2ccf0ff6e8
commit 12f69587e9
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/cryptsetup/cryptsetup-pkcs11.c
View File

@ -12,12 +12,15 @@
#include "cryptsetup-pkcs11.h" #include "cryptsetup-pkcs11.h"
#include "escape.h" #include "escape.h"
#include "fd-util.h" #include "fd-util.h"
#include "format-util.h"
#include "macro.h" #include "macro.h"
#include "memory-util.h" #include "memory-util.h"
#include "pkcs11-util.h" #include "pkcs11-util.h"
#include "stat-util.h" #include "stat-util.h"
#include "strv.h" #include "strv.h"
#define KEY_FILE_SIZE_MAX (16U*1024U*1024U) /* 16 MiB */
static int load_key_file( static int load_key_file(
const char *key_file, const char *key_file,
size_t key_file_size, size_t key_file_size,
@ -50,8 +53,13 @@ static int load_key_file(
if (st.st_size == 0) if (st.st_size == 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Key file is empty, refusing."); return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Key file is empty, refusing.");
if ((uint64_t) st.st_size > SIZE_MAX) if ((uint64_t) st.st_size > KEY_FILE_SIZE_MAX) {
return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Key file too large, refusing."); char buf1[FORMAT_BYTES_MAX], buf2[FORMAT_BYTES_MAX];
return log_error_errno(SYNTHETIC_ERRNO(ERANGE),
"Key file larger (%s) than allowed maximum size (%s), refusing.",
format_bytes(buf1, sizeof(buf1), st.st_size),
format_bytes(buf2, sizeof(buf2), KEY_FILE_SIZE_MAX));
}
if (key_file_offset >= (uint64_t) st.st_size) if (key_file_offset >= (uint64_t) st.st_size)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Key file offset too large for file, refusing."); return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Key file offset too large for file, refusing.");