Re: dm-crypt accepts '+' in the key

From: Milan Broz
Date: Sun Nov 13 2016 - 09:45:56 EST


On 11/12/2016 09:20 PM, Mikulas Patocka wrote:
> Hi
>
> dm-crypt uses the function kstrtou8 to decode the encryption key. kstrtou8
> calls kstrtoull and kstrtoull skips the first character if it is '+'.
>
> Consequently, it is possible to load keys with '+' in them. For example,
> this is possible:
>
> dmsetup create cr --table "0 131072 crypt aes-cbc-essiv:sha256 +0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0 0 /dev/debian/tmptest 0"
>
> Should this be fixed in dm-crypt or in kstrtou8? A fix in kstrtou8 could
> be more appropriate, but we don't know how many other kernel parts depend
> on this "skip plus" behavior...

I would say it should be checked in both places...
For dmcrypt, it should validate input here and should
not accept anything in key field in dm table that is not in hexa representation.

(Is this a regression since the code switched from simple_strtoul to kstrtou8,
or was this bug always there?)

Milan
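
A user-space model of the behaviour discussed in this thread, added here as an example (it is not dm-crypt code and not from either poster). `hex_val` and `decode_key` are hypothetical names; the lenient mode only imitates the '+'-skipping parse described above, and the strict mode shows the hex-only validation suggested in the reply.

```c
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode 2*key_len characters into key. Returns 0 on success, -1 on error.
 * strict == 0 models the lenient parse from the thread: a leading '+' in
 * each two-character chunk is skipped, so "+X" parses as the digit X.
 * strict != 0 accepts hex digits only (assumed validation, not kernel code). */
int decode_key(const char *hex, unsigned char *key, size_t key_len, int strict)
{
    if (strlen(hex) != 2 * key_len)
        return -1;
    for (size_t i = 0; i < key_len; i++, hex += 2) {
        int hi = hex_val(hex[0]), lo = hex_val(hex[1]);

        if (!strict && hex[0] == '+')
            hi = 0;             /* sign skipped, one digit left */
        if (hi < 0 || lo < 0)
            return -1;          /* non-hex character in the key field */
        key[i] = (unsigned char)(hi << 4 | lo);
    }
    return 0;
}

int main(void)
{
    /* Constructed sample, same pattern as the dmsetup table above. */
    const char *sample = "+0+0+0+0";
    unsigned char key[4];

    printf("lenient: %d\n", decode_key(sample, key, sizeof(key), 0));
    printf("strict:  %d\n", decode_key(sample, key, sizeof(key), 1));
    return 0;
}
```

In the lenient mode every "+X" chunk yields a byte between 0x00 and 0x0f, so a key string written that way carries at most 4 bits per key byte.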