From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1oAqta-0003lo-VI for mharc-grub-devel@gnu.org; Mon, 11 Jul 2022 06:44:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:51444) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oAqtZ-0003k7-A1 for grub-devel@gnu.org; Mon, 11 Jul 2022 06:44:05 -0400 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:33463) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oAqtX-0006mO-4j for grub-devel@gnu.org; Mon, 11 Jul 2022 06:44:04 -0400 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 8BCB1320084E; Mon, 11 Jul 2022 06:43:59 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute1.internal (MEProxy); Mon, 11 Jul 2022 06:43:59 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc:cc :content-type:date:date:from:from:in-reply-to:message-id :mime-version:reply-to:sender:subject:subject:to:to; s=fm3; t= 1657536239; x=1657622639; bh=4ZJVk3y27pFWzUHXU0x1WBWZT7m4n2DfByy j7HlnuEk=; b=Jx1BhLfuL68xzcfCnFpLiWCx0aCgZ2CosDbnF/OKocarHba6c/w lbDZnOwZ6U103meJ3LaV3b6u2tkJ21RGxaDCrk1mHX/BDGVxtjwMna0KpDbtENkv qLmjCAzE+OHsxkjedk6Dt+rQoRA3qza6BTA3C8wZI5GS+Svaw+/8LPUJ0RlNHXUh yCWY29YsAZgL1FW2kWfBaI0W75JYROd/iPBfW13tLDr9DZbRpvPtQpyrO73MHFHC hfFG+MnxIl9Nlr0yGjw2+FMOKh/SrhC3vqBddcEiea2dMpz9wI0g7/Ke63hsC7Fe 7/+DS0MnGpI04q6VnRiL+tt10oxaTd+PZ0Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:message-id:mime-version :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1657536239; x= 1657622639; bh=4ZJVk3y27pFWzUHXU0x1WBWZT7m4n2DfByyj7HlnuEk=; b=X 7zDI5xsND1Qi9qlToM4ExEar7llysyOdaQh9Smz+jAblJp1EPx81K2tSAtz7sbs3 TZNL+jnzXlgzqTp1+JXGElV4HdJiodrJ7PHy/gxQF5CLjl56B0BsOTiQXbClUyDL YozsAvQNsupeGTqlUC6jRzWqBdsT0X+uUfn2M3hjR00id0uraFhHWoWjDSKT2Elz wLW1GqdkpaQYsskLge9IXjlI5LXNqfJEgonKK8MnabZDa//t/twNJmg87mAKMoZk 5Z/nSsJ0l/74I95phnYt9pVQZU7s7koAM+R6iJI2yneyfi5e+xepyNzbDryfxpaN u26sxQ0DXusX4CNHKh3Cg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudejfedgvdekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvfevuffkgggtugesghdtreertddtvdenucfhrhhomheprfgrthhrihgt khcuufhtvghinhhhrghrughtuceophhssehpkhhsrdhimheqnecuggftrfgrthhtvghrnh epuefguedtueeiheetleevgedujeekjeehleejjefhhffghfevgfekueekjedtieejnecu vehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepphhssehpkh hsrdhimh X-ME-Proxy: Feedback-ID: i197146af:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 11 Jul 2022 06:43:58 -0400 (EDT) Received: from localhost (tanuki [10.192.0.23]) by vm-mail.pks.im (OpenSMTPD) with ESMTPSA id 200a21a0 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Mon, 11 Jul 2022 10:43:56 +0000 (UTC) Date: Mon, 11 Jul 2022 12:44:50 +0200 From: Patrick Steinhardt To: grub-devel@gnu.org Cc: Daniel Kiper , Glenn Washburn Subject: [PATCH v5 0/2] luks2: Fix decoding of digests and salts with escaped chars Message-ID: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="jgnlns3Ix8IvkgHv" Content-Disposition: inline Received-SPF: pass client-ip=64.147.123.25; envelope-from=ps@pks.im; helo=wout2-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jul 2022 10:44:05 -0000 --jgnlns3Ix8IvkgHv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, this is the fifth version of my patch series which fixes decoding of digests and salts in LUKS2 headers in case they happen to contain escaped characters. While modern cryptsetup versions in fact don't escape any characters part of the Base64 alphabet, old versions of cryptsetup did this until v2.0.2. Changes compared to v4 include mostly style-related fixes pointed out by Daniel. Please refer to the range-diff below. Patrick Patrick Steinhardt (2): json: Add function to unescape JSON-encoded strings luks2: Fix decoding of digests and salts with escaped chars grub-core/disk/luks2.c | 28 +++++++-- grub-core/lib/json/json.c | 118 ++++++++++++++++++++++++++++++++++++++ grub-core/lib/json/json.h | 12 ++++ 3 files changed, 154 insertions(+), 4 deletions(-) Range-diff against v4: 1: c2233323a ! 1: ebab6b092 json: Add function to unescape JSON-encoded s= trings @@ grub-core/lib/json/json.c: grub_json_getint64 (grub_int64_t *out, co= nst grub_jso + grub_size_t inpos, resultpos; + char *result; + -+ if (!out || !outlen) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Output parameters are = not set"); ++ if (out =3D=3D NULL || outlen =3D=3D NULL) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("output parameters a= re not set")); + + result =3D grub_calloc (1, inlen + 1); -+ if (!result) ++ if (result =3D=3D NULL) + return GRUB_ERR_OUT_OF_MEMORY; + + for (inpos =3D resultpos =3D 0; inpos < inlen; inpos++) @@ grub-core/lib/json/json.c: grub_json_getint64 (grub_int64_t *out, co= nst grub_jso + inpos++; + if (inpos >=3D inlen) + { -+ ret =3D grub_error (GRUB_ERR_BAD_ARGUMENT, "Expected escaped c= haracter"); ++ ret =3D grub_error (GRUB_ERR_BAD_ARGUMENT, N_("expected escape= d character")); + goto err; + } + + switch (in[inpos]) + { + case '"': -+ result[resultpos++] =3D '"'; break; ++ result[resultpos++] =3D '"'; ++ break; ++ + case '/': -+ result[resultpos++] =3D '/'; break; ++ result[resultpos++] =3D '/'; ++ break; ++ + case '\\': -+ result[resultpos++] =3D '\\'; break; ++ result[resultpos++] =3D '\\'; ++ break; ++ + case 'b': -+ result[resultpos++] =3D '\b'; break; ++ result[resultpos++] =3D '\b'; ++ break; ++ + case 'f': -+ result[resultpos++] =3D '\f'; break; ++ result[resultpos++] =3D '\f'; ++ break; ++ + case 'r': -+ result[resultpos++] =3D '\r'; break; ++ result[resultpos++] =3D '\r'; ++ break; ++ + case 'n': -+ result[resultpos++] =3D '\n'; break; ++ result[resultpos++] =3D '\n'; ++ break; ++ + case 't': -+ result[resultpos++] =3D '\t'; break; ++ result[resultpos++] =3D '\t'; ++ break; ++ + case 'u': + { -+ unsigned char values[4] =3D {0}; -+ int i; ++ char values[4] =3D {0}; ++ unsigned i; + + inpos++; + if (inpos + ARRAY_SIZE(values) > inlen) + { -+ ret =3D grub_error (GRUB_ERR_BAD_ARGUMENT, "Unicode sequence = too short"); ++ ret =3D grub_error (GRUB_ERR_BAD_ARGUMENT, N_("unicode sequen= ce too short")); + goto err; + } + -+ for (i =3D 0; i < 4; i++) ++ for (i =3D 0; i < ARRAY_SIZE(values); i++) + { + char c =3D in[inpos++]; + @@ grub-core/lib/json/json.c: grub_json_getint64 (grub_int64_t *out, co= nst grub_jso + else + { + ret =3D grub_error (GRUB_ERR_BAD_ARGUMENT, -+ "Unicode sequence with invalid character '%c'", c); ++ N_("unicode sequence with invalid character '%c'"), c); + goto err; + } + } @@ grub-core/lib/json/json.c: grub_json_getint64 (grub_int64_t *out, co= nst grub_jso + + break; + } ++ + default: -+ ret =3D grub_error (GRUB_ERR_BAD_ARGUMENT, "Unrecognized escaped ch= aracter '%c'", in[inpos]); ++ ret =3D grub_error (GRUB_ERR_BAD_ARGUMENT, N_("unrecognized escaped= character '%c'"), in[inpos]); + goto err; + } + } @@ grub-core/lib/json/json.c: grub_json_getint64 (grub_int64_t *out, co= nst grub_jso + *out =3D result; + *outlen =3D resultpos; + -+err: ++ err: + if (ret !=3D GRUB_ERR_NONE) + grub_free (result); + 2: 84370adba ! 2: 60ccd669d luks2: Fix decoding of digests and salts with= escaped chars @@ grub-core/disk/luks2.c: luks2_scan (grub_disk_t disk, grub_cryptomou= nt_args_t ca + bool successful; + + if (grub_json_unescape (&unescaped, &unescaped_len, in, inlen) !=3D= GRUB_ERR_NONE) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not unescape Bas= e64 string"); ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("could not unescape = Base64 string")); + -+ successful =3D base64_decode (unescaped, (size_t)unescaped_len, (ch= ar *)decoded, decodedlen); ++ successful =3D base64_decode (unescaped, (grub_size_t) unescaped_le= n, (char *) decoded, decodedlen); + grub_free (unescaped); + if (!successful) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not decode Base6= 4 string"); ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("could not decode Ba= se64 string")); + + return GRUB_ERR_NONE; +} --=20 2.37.0 --jgnlns3Ix8IvkgHv Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEF9hrgiFbCdvenl/rVbJhu7ckPpQFAmLL/yEACgkQVbJhu7ck PpSUXA/9G62izYwcW9A+84UdY7rU/VL0gJf2PTGLtRvVKSE/X5cr5HtsWXZrN2VG wEHKbFQKvQoFJ3rXNAb5sG23kLgz7xgVlvo4JfxNRQQpN0UbJRRKjDoVI0zxV58Y 18E225zjX/Rvl6hb5RD16EShQOFS1hW6WcD4USUPJSDmWL1VOHSu5yYQb3yauoDh cj38YymQsAwTLNsqZeyh0Ks4jxRbc+n38Rnm7TDQ+WJ1bYMkbngSa2D5nS1zvbtR RpUH4s50TWSqVMeCs7Iw0ye1fZbq6vEWngkG+pUsr8Zoj6OdqVvImm3x0uJaLaWZ ql/2hm1NF7v7z0+K7vXiRsnocL2UViH4pAnROvTuhZxskZTyE513SNwldUXfU7Oi AkJXQ0gBrLMPLPiEfW/GFaoGeqGeZF40vBtiipDvTVKazRf9532KEXvZYHJe0XeT ROrapGLpUDOOfcGjzOuHuxuqe5YkJtt1DEWxNoWCzEM7mcvYrFdm0M0uhsPVjSqn Sl9E17Xok22bbogBAD0kEgk0iV4TRIX7gWWaddUosiSWT+dqxNGtJxjxqN6lf+/j X73/V/JOB7jHi3O2JgTJ9+0BkIF0/e4lZUGdQyrsA/ahzlh78B+4RMt44ja7rrlf PK0GlDkLR0SKvPwHPvm841h5tXUVpgrkBHFhTkA8u+hqgZJi9LM= =0S6l -----END PGP SIGNATURE----- --jgnlns3Ix8IvkgHv--