From: Patrick Steinhardt <ps@pks.im>
To: grub-devel@gnu.org
Cc: Daniel Kiper <dkiper@net-space.pl>,
Glenn Washburn <development@efficientek.com>
Subject: [PATCH v4 0/2] luks2: Fix decoding of digests and salts with escaped chars
Date: Mon, 6 Jun 2022 07:28:51 +0200 [thread overview]
Message-ID: <cover.1654493022.git.ps@pks.im> (raw)
[-- Attachment #1: Type: text/plain, Size: 4503 bytes --]
Hi,
this is the fourth version of my patch series which fixes decoding of
digests and salts in LUKS2 headers in case they happen to contain
escaped characters. While modern cryptsetup versions in fact don't
escape any characters part of the Base64 alphabet, old versions of
cryptsetup did this until v2.0.2.
Changes compared to v3:
- Fixed the confusion between `size_t` and `grub_size_t` so that we
consistently use the latter.
- Improved error handling in `grub_json_unescape ()`: we now verify
that the out-parameters are set, check for memory allocation
errors and now return any errors encountered.
- `luks2_base64_decode ()` now initializes the out-parameters it
passes to `grub_json_unescape ()`.
This should address all the feedback by Glenn, except for modifying
`grub_json_unescape ()` to allow for in-place unescaping. I found the
end result to be less readable and more fragile when requiring the
caller to pass in a buffer, and we cannot make use of it right now
anyway. Thanks for your feedback!
Patrick
Patrick Steinhardt (2):
json: Add function to unescape JSON-encoded strings
luks2: Fix decoding of digests and salts with escaped chars
grub-core/disk/luks2.c | 28 +++++++++--
grub-core/lib/json/json.c | 101 ++++++++++++++++++++++++++++++++++++++
grub-core/lib/json/json.h | 12 +++++
3 files changed, 137 insertions(+), 4 deletions(-)
Range-diff against v3:
1: 3055f9f2f ! 1: c2233323a json: Add function to unescape JSON-encoded strings
@@ grub-core/lib/json/json.c: grub_json_getint64 (grub_int64_t *out, const grub_jso
}
+
+grub_err_t
-+grub_json_unescape (char **out, size_t *outlen, const char *in, size_t inlen)
++grub_json_unescape (char **out, grub_size_t *outlen, const char *in, grub_size_t inlen)
+{
+ grub_err_t ret = GRUB_ERR_NONE;
-+ size_t inpos, resultpos;
++ grub_size_t inpos, resultpos;
+ char *result;
+
++ if (!out || !outlen)
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Output parameters are not set");
++
+ result = grub_calloc (1, inlen + 1);
++ if (!result)
++ return GRUB_ERR_OUT_OF_MEMORY;
+
+ for (inpos = resultpos = 0; inpos < inlen; inpos++)
+ {
@@ grub-core/lib/json/json.c: grub_json_getint64 (grub_int64_t *out, const grub_jso
+ }
+ }
+ else
-+ {
+ result[resultpos++] = in[inpos];
-+ }
+ }
+
+ *out = result;
@@ grub-core/lib/json/json.c: grub_json_getint64 (grub_int64_t *out, const grub_jso
+ if (ret != GRUB_ERR_NONE)
+ grub_free (result);
+
-+ return GRUB_ERR_NONE;
++ return ret;
+}
## grub-core/lib/json/json.h ##
@@ grub-core/lib/json/json.h: extern grub_err_t EXPORT_FUNC(grub_json_getint64) (gr
+ * See https://datatracker.ietf.org/doc/html/rfc8259#section-7 for more
+ * information on escaping in JSON.
+ */
-+extern grub_err_t EXPORT_FUNC(grub_json_unescape) (char **out, size_t *outlen,
-+ const char *in, size_t inlen);
++extern grub_err_t EXPORT_FUNC(grub_json_unescape) (char **out, grub_size_t *outlen,
++ const char *in, grub_size_t inlen);
+
#endif
2: 69424b2d1 ! 2: 84370adba luks2: Fix decoding of digests and salts with escaped chars
@@ grub-core/disk/luks2.c: luks2_scan (grub_disk_t disk, grub_cryptomount_args_t ca
}
+static grub_err_t
-+luks2_base64_decode (const char *in, size_t inlen, grub_uint8_t *decoded, idx_t *decodedlen)
++luks2_base64_decode (const char *in, grub_size_t inlen, grub_uint8_t *decoded, idx_t *decodedlen)
+{
-+ size_t unescaped_len;
-+ char *unescaped;
++ grub_size_t unescaped_len = 0;
++ char *unescaped = NULL;
+ bool successful;
+
+ if (grub_json_unescape (&unescaped, &unescaped_len, in, inlen) != GRUB_ERR_NONE)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not unescape Base64 string");
+
-+ successful = base64_decode (unescaped, unescaped_len, (char *)decoded, decodedlen);
++ successful = base64_decode (unescaped, (size_t)unescaped_len, (char *)decoded, decodedlen);
+ grub_free (unescaped);
+ if (!successful)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not decode Base64 string");
--
2.36.1
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next reply other threads:[~2022-06-06 5:28 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-06 5:28 Patrick Steinhardt [this message]
2022-06-06 5:28 ` [PATCH v4 1/2] json: Add function to unescape JSON-encoded strings Patrick Steinhardt
2022-06-06 17:17 ` Glenn Washburn
2022-06-30 14:55 ` Daniel Kiper
2022-06-06 5:29 ` [PATCH v4 2/2] luks2: Fix decoding of digests and salts with escaped chars Patrick Steinhardt
2022-06-06 17:17 ` Glenn Washburn
2022-06-30 16:05 ` Daniel Kiper
2022-07-11 10:39 ` Patrick Steinhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1654493022.git.ps@pks.im \
--to=ps@pks.im \
--cc=development@efficientek.com \
--cc=dkiper@net-space.pl \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.