Re: [PATCH v2] e4crypt: if salt is explicitly provided to add_key, then use it

[Eric Biggers <ebiggers@kernel.org>]

On Tue, Jul 07, 2020 at 10:27:30AM +0200, Florian Schmaus wrote:
> Providing -S and a path to 'add_key' previously exhibit an unintuitive

exhibit => exhibited

> behavior: instead of using the salt explicitly provided by the user,
> e4crypt would use the salt obtained via EXT4_IOC_GET_ENCRYPTION_PWSALT
> on the path. This was because set_policy() was still called with NULL
> as salt.
> 
> With this change we now remember the explicitly provided salt (if any)
> and use it as argument for set_policy().
> 
> Eventually
> 
> e4crypt add_key -S s:my-spicy-salt /foo
> 
> will now actually use 'my-spicy-salt' and not something else as salt
> for the policy set on /foo.
> 
> Signed-off-by: Florian Schmaus <flo@geekplace.eu>
> ---
> 
> Notes:
>     - Clarify -S description in man page.
>     - Do not store a reference to salt_list entry, as it
>       could be reallocated causing a use-after-free.
>     - Only parse the salts of the path arguments if no
>       salt was explicitly specified.
> 
>  misc/e4crypt.8.in |  4 +++-
>  misc/e4crypt.c    | 18 ++++++++++++++----
>  2 files changed, 17 insertions(+), 5 deletions(-)
> 
> diff --git a/misc/e4crypt.8.in b/misc/e4crypt.8.in
> index 75b968a0..fe9372cf 100644
> --- a/misc/e4crypt.8.in
> +++ b/misc/e4crypt.8.in
> @@ -48,7 +48,9 @@ values are 4, 8, 16, and 32.
>  If one or more directory paths are specified, e4crypt will try to
>  set the policy of those directories to use the key just added by the
>  .B add_key
> -command.
> +command.  If a salt was explicitly specified, then it will be used
> +to derive the encryption key of those directories.  Otherwise a
> +directory-specific default salt will be used.
>  .TP
>  .B e4crypt get_policy \fIpath\fR ...
>  Print the policy for the directories specified on the command line.
> diff --git a/misc/e4crypt.c b/misc/e4crypt.c
> index 2ae6254a..67d25d88 100644
> --- a/misc/e4crypt.c
> +++ b/misc/e4crypt.c
> @@ -26,6 +26,7 @@
>  #include <getopt.h>
>  #include <dirent.h>
>  #include <errno.h>
> +#include <stdbool.h>

I'd like to use <stdbool.h> too, but I'm not sure if it's allowed in e2fsprogs;
this would be the first use.  Everywhere else seems to just use int, 0, and 1.
Ted, is stdbool.h allowed in e2fsprogs?

> +	if (!explicit_salt)
> +		for (i = optind; i < argc; i++)
> +			parse_salt(argv[i], PARSE_FLAGS_FORCE_FN);

There should be braces at the outer level (following Linux kernel coding style):

	if (!explicit_salt) {
		for (i = optind; i < argc; i++)
			parse_salt(argv[i], PARSE_FLAGS_FORCE_FN);
	}


Otherwise this patch looks fine.

Hopefully people aren't depending on this bug being present.

- Eric