From: Milan Broz
Date: Tue, 15 Mar 2011 12:11:47 +0100
Subject: Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.3.0-rc1 (test release candidate)
To: dm-crypt@saout.de

On 03/15/2011 02:02 AM, Arno Wagner wrote:
> On Tue, Mar 15, 2011 at 12:45:59AM +0100, Rudolf Deilmann wrote:
>> On Mon, 14 Mar 2011 23:10:37 +0100
>> On my machine, $x greater than 90 results in different internal keys
>> for 'cat keyfile | cryptsetup ' and 'cryptsetup --key-file keyfile'. If
>> the key-file is even large, I get at least an error message. Sample
>> keyfile ( x=91 ) attached or at http://pastebin.com/PeLUZ5a4, if the
>> mailing list removes attachments.
>
> Wups, buffer overflow or cutdown (with the latter being a whole
> lot better, but still a problem)?

There are no fixed buffers :)

Increasing LOOPAES_KEYFILE_MAXSIZE helps.
(It is clearly visible in debug output - when reading from stdout, it reads
8125 bytes, but from keyfile it is limited to 8000.)

I will also limit the LUKS keyfile in the next version; a mistake will cause
problems (reading the whole device in locked memory -> OOPS or something
like that). I guess max 8MB is enough?
We already limit the passphrase from the terminal to 512 bytes.

Fixed in svn already.

Milan
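
The size mismatch discussed in this message, as an added example that is not cryptsetup code and not part of the original mail: a reader that silently truncates at its limit next to one that detects oversized input and refuses it. `read_key`, `key_len` and the sample file are hypothetical; the 8000 and 8125 byte sizes are the ones quoted above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read key material from f into buf (which must hold cap+1 bytes).
 * strict == 0: the failure mode, read at most cap bytes and ignore the rest.
 * strict != 0: ask for cap+1 bytes so oversized input is detected and refused.
 * Returns the number of key bytes, or -1 on read error or oversize. */
long read_key(FILE *f, unsigned char *buf, size_t cap, int strict)
{
    size_t n = fread(buf, 1, strict ? cap + 1 : cap, f);
    if (ferror(f) || n > cap) {
        memset(buf, 0, cap + 1);  /* best-effort wipe; production code needs one the compiler cannot elide */
        return -1;
    }
    return (long)n;
}

/* Constructed sample input: a temporary file holding `size` bytes. */
static FILE *sample_keyfile(size_t size)
{
    FILE *f = tmpfile();
    for (size_t i = 0; f && i < size; i++)
        fputc((int)(i % 251), f);
    if (f)
        rewind(f);
    return f;
}

/* Run read_key over a constructed file of `size` bytes with limit `cap`. */
long key_len(size_t size, size_t cap, int strict)
{
    unsigned char *buf = malloc(cap + 1);
    FILE *f = sample_keyfile(size);
    long n = (buf && f) ? read_key(f, buf, cap, strict) : -1;
    if (f)
        fclose(f);
    free(buf);
    return n;
}

int main(void)
{
    /* 8125 and 8000 are the sizes quoted in the message above. */
    printf("truncating, cap 8000: %ld bytes\n", key_len(8125, 8000, 0));
    printf("truncating, cap 8125: %ld bytes\n", key_len(8125, 8125, 0));
    printf("strict,     cap 8000: %ld\n", key_len(8125, 8000, 1));
    return 0;
}
```

With the same 8125-byte input, the two truncating calls hand on 8000 and 8125 bytes of key material respectively and neither reports a problem, while the strict call fails so the caller can report the oversize.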