From: Alexey Dobriyan <adobriyan@gmail.com>
To: Milan Broz <gmazyland@gmail.com>
Cc: Mikulas Patocka <mpatocka@redhat.com>,
Ondrej Kozina <okozina@redhat.com>,
Mike Snitzer <msnitzer@redhat.com>,
dm-devel@redhat.com, linux-kernel@vger.kernel.org
Subject: Re: dm-crypt accepts '+' in the key
Date: Mon, 14 Nov 2016 03:36:32 +0300 [thread overview]
Message-ID: <20161114003631.GA1304@avx2> (raw)
In-Reply-To: <3ee83e71-78e0-7ba3-0fb4-5d906f66aa04@gmail.com>
On Sun, Nov 13, 2016 at 03:45:27PM +0100, Milan Broz wrote:
> On 11/12/2016 09:20 PM, Mikulas Patocka wrote:
> > Hi
> >
> > dm-crypt uses the function kstrtou8 to decode the encryption key. kstrtou8
> > calls kstrtoull and kstrtoull skips the first character if it is '+'.
> >
> > Consequently, it is possible to load keys with '+' in it. For example,
> > this is possible:
> >
> > dmsetup create cr --table "0 131072 crypt aes-cbc-essiv:sha256 +0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0 0 /dev/debian/tmptest 0"
> >
> > Should this be fixed in dm-crypt or in kstrtou8? A fix in kstrtou8 could
> > be more appropriate, but we don't know how many other kernel parts depend
> > on this "skip plus" behavior...
>
> I would way it should be checked in both places...
> For dmcrypt, it should validate input here and should
> not accept anything in key field in dm table that is not in hexa representation.
>
> (Is this regression since code switched from simple_strtoul to kstrtou8
> or this bug was there always?)
Well, before kernel would silently parse anything broken as "0".
But since it is base-16, "0[xX]" will be accepted before every byte.
dm-crypt should parse key by hand, frankly.
next prev parent reply other threads:[~2016-11-14 0:36 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-12 20:20 dm-crypt accepts '+' in the key Mikulas Patocka
2016-11-13 14:45 ` Milan Broz
2016-11-14 0:36 ` Alexey Dobriyan [this message]
2016-11-14 21:09 ` Mikulas Patocka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161114003631.GA1304@avx2 \
--to=adobriyan@gmail.com \
--cc=dm-devel@redhat.com \
--cc=gmazyland@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=msnitzer@redhat.com \
--cc=okozina@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.