From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <n-roeser@gmx.net>
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by mail.saout.de (Postfix) with SMTP
	for <dm-crypt@saout.de>; Fri, 11 Dec 2009 11:57:25 +0100 (CET)
Message-ID: <4B22258A.4070009@gmx.net>
Date: Fri, 11 Dec 2009 11:57:14 +0100
From: "Nico R." <n-roeser@gmx.net>
MIME-Version: 1.0
References: <4B2023F1.6050306@gmx.net> <20091211040619.GA6979@tansi.org>
In-Reply-To: <20091211040619.GA6979@tansi.org>
Content-Type: multipart/signed; micalg=pgp-ripemd160;
	protocol="application/pgp-signature";
	boundary="------------enig1B1DBC89C1CFCDA8A81A9698"
Subject: Re: [dm-crypt] Exhaustive key reading seems to silently stop on
	error
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig1B1DBC89C1CFCDA8A81A9698
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi!

(De-TOFU-ized.)

> On Wed, Dec 09, 2009 at 11:25:53PM +0100, Nico R. wrote:
[=E2=80=A6]
>> In lib/utils.c (line 450f. in cryptsetup-1.0.7; line 490f. in current
>> SVN revision, r132, equal to r152), we see the following code:
>>
>> if(read(fd, pass + i, 1) !=3D 1 || (newline_stop && pass[i] =3D=3D '\n=
'))
>>         break;
>>
>> If I interpret that snipped (and its surroundings) correctly, the code=

>> will read until EOF *or* until an error occurs.
>>
>> If my interpretation is true, that code causes a problem:
[=E2=80=A6]

Arno Wagner wrote:
> Hmm. This seems to indeed be a bug.
>=20
> I gather there is no code later that distinguishes=20
> EOF and error and deals with the second possibility?

As far as I can see, there is not. See
<URL:http://code.google.com/p/cryptsetup/source/browse/trunk/lib/utils.c?=
r=3D132#480>.
--=20
Nico


--------------enig1B1DBC89C1CFCDA8A81A9698
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (GNU/Linux)

iEYEAREDAAYFAksiJZQACgkQxI5uhYOGv4UcHQCeNUBS//NHtPfwrGKNf7eglswi
m0EAniYlv69FBEZTWNHRtRqF38j0e6la
=23wa
-----END PGP SIGNATURE-----

--------------enig1B1DBC89C1CFCDA8A81A9698--