From: "Nico R." <n-roeser@gmx.net>
To: dm-crypt@saout.de
Subject: [dm-crypt] Exhaustive key reading seems to silently stop on error
Date: Wed, 09 Dec 2009 23:25:53 +0100
Message-ID: <4B2023F1.6050306@gmx.net>

Hello!

Just a minute ago, I have subscribed to this list in order to let you
know about what I have found in the cryptsetup code and which seems to
be a bug to me.

In lib/utils.c (line 450f. in cryptsetup-1.0.7; line 490f. in current
SVN revision, r132, equal to r152), we see the following code:

	if(read(fd, pass + i, 1) != 1 || (newline_stop && pass[i] == '\n'))
		break;

If I interpret that snippet (and its surroundings) correctly, the code
will read until EOF *or* until an error occurs.

If my interpretation is true, that code causes a problem: imagine a
hardware failure while reading the key the first two times (for
luksFormat/luksOpen). The read function returns -1 and sets errno to
EIO. cryptsetup continues with a truncated key, it seems. On a later
attempt to read the key (for luksOpen), the hardware failure is gone,
and the key can be read completely. cryptsetup will not be able to open
the encrypted partition anymore.

Please correct me if I got the code wrong … :-)

Thanks
--
Nico
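
Added example, not part of the original message and not cryptsetup's code: the read pattern quoted above next to a strict variant that reports a failed read() instead of returning a shortened key. The function names, the demo_fd helper and the sample key are constructed for illustration; EAGAIN on a non-blocking pipe stands in for the EIO case described in the message.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/* Pattern from the message: error (-1) and EOF (0) both just end the loop. */
ssize_t read_key_lenient(int fd, char *pass, size_t max, int newline_stop)
{
    size_t i;
    for (i = 0; i < max; i++)
        if (read(fd, pass + i, 1) != 1 || (newline_stop && pass[i] == '\n'))
            break;
    return (ssize_t)i;
}

/* Strict variant (hypothetical name): key length on EOF, newline or full
 * buffer; -1 with errno set when read() fails, so the caller can abort. */
ssize_t read_key_strict(int fd, char *pass, size_t max, int newline_stop)
{
    size_t i = 0;
    while (i < max) {
        ssize_t n = read(fd, pass + i, 1);
        if (n < 0 && errno == EINTR)
            continue;              /* interrupted by a signal: retry */
        if (n < 0)
            return -1;             /* real I/O error: no truncated key */
        if (n == 0 || (newline_stop && pass[i] == '\n'))
            break;
        i++;
    }
    return (ssize_t)i;
}

/* Constructed input: pipe holding `data`. With fail != 0 the read end is
 * non-blocking and the write end stays open, so the read after the data
 * fails with EAGAIN (a stand-in for EIO) instead of reporting EOF. */
int demo_fd(const char *data, int fail)
{
    int p[2];
    if (pipe(p) != 0 || write(p[1], data, strlen(data)) < 0)
        return -1;
    if (fail)
        fcntl(p[0], F_SETFL, O_NONBLOCK);
    else
        close(p[1]);
    return p[0];
}
```

With a failing descriptor the lenient reader returns the number of bytes it happened to get, which the caller cannot distinguish from a short key file; the strict reader returns -1 and leaves errno for the caller to report.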