From: "Richard W.M. Jones" <rjones@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [PATCH 01/11] crypto: sanity check that LUKS header strings are NUL-terminated
Date: Tue, 6 Sep 2022 10:30:05 +0100 [thread overview]
Message-ID: <20220906093005.GN7484@redhat.com> (raw)
In-Reply-To: <20220906084147.1423045-2-berrange@redhat.com>
On Tue, Sep 06, 2022 at 09:41:37AM +0100, Daniel P. Berrangé wrote:
> The LUKS spec requires that header strings are NUL-terminated, and our
> code relies on that. Protect against maliciously crafted headers by
> adding validation.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> crypto/block-luks.c | 18 ++++++++++++++++++
> 1 file changed, 18 insertions(+)
>
> diff --git a/crypto/block-luks.c b/crypto/block-luks.c
> index f62be6836b..27d1b34c1d 100644
> --- a/crypto/block-luks.c
> +++ b/crypto/block-luks.c
> @@ -554,6 +554,24 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
> return -1;
> }
>
> + if (!memchr(luks->header.cipher_name, '\0',
> + sizeof(luks->header.cipher_name))) {
> + error_setg(errp, "LUKS header cipher name is not NUL terminated");
> + return -1;
> + }
> +
> + if (!memchr(luks->header.cipher_mode, '\0',
> + sizeof(luks->header.cipher_mode))) {
> + error_setg(errp, "LUKS header cipher mode is not NUL terminated");
> + return -1;
> + }
> +
> + if (!memchr(luks->header.hash_spec, '\0',
> + sizeof(luks->header.hash_spec))) {
> + error_setg(errp, "LUKS header hash spec is not NUL terminated");
> + return -1;
> + }
> +
> /* Check all keyslots for corruption */
> for (i = 0 ; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS ; i++) {
I think this was the error I originally wrote to you about, and I
think it's the most important fix because non-terminated strings seem
(possibly) exploitable.
FWIW nbdkit does this which is slightly different:
char cipher_name[33], cipher_mode[33], hash_spec[33];
/* Copy the header fields locally and ensure they are \0 terminated. */
memcpy (cipher_name, h->phdr.cipher_name, 32);
cipher_name[32] = 0;
memcpy (cipher_mode, h->phdr.cipher_mode, 32);
cipher_mode[32] = 0;
memcpy (hash_spec, h->phdr.hash_spec, 32);
hash_spec[32] = 0;
Anyway the change above looks good so:
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
next prev parent reply other threads:[~2022-09-06 10:17 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-06 8:41 [PATCH 00/11] crypto: improve robustness of LUKS metadata validation Daniel P. Berrangé
2022-09-06 8:41 ` [PATCH 01/11] crypto: sanity check that LUKS header strings are NUL-terminated Daniel P. Berrangé
2022-09-06 9:30 ` Richard W.M. Jones [this message]
2022-09-06 8:41 ` [PATCH 02/11] crypto: enforce that LUKS stripes is always a fixed value Daniel P. Berrangé
2022-09-06 9:09 ` Richard W.M. Jones
2022-09-06 8:41 ` [PATCH 03/11] crypto: enforce that key material doesn't overlap with LUKS header Daniel P. Berrangé
2022-09-06 8:41 ` [PATCH 04/11] crypto: validate that LUKS payload doesn't overlap with header Daniel P. Berrangé
2022-09-06 9:19 ` Richard W.M. Jones
2022-09-06 8:41 ` [PATCH 05/11] crypto: strengthen the check for key slots overlapping with LUKS header Daniel P. Berrangé
2022-09-06 8:41 ` [PATCH 06/11] crypto: check that LUKS PBKDF2 iterations count is non-zero Daniel P. Berrangé
2022-09-06 9:26 ` Richard W.M. Jones
2022-10-27 11:59 ` Daniel P. Berrangé
2022-09-06 8:41 ` [PATCH 07/11] crypto: split LUKS header definitions off into file Daniel P. Berrangé
2022-09-06 8:41 ` [PATCH 08/11] crypto: split off helpers for converting LUKS header endianess Daniel P. Berrangé
2022-09-06 8:41 ` [PATCH 09/11] crypto: quote algorithm names in error messages Daniel P. Berrangé
2022-09-06 8:41 ` [PATCH 10/11] crypto: ensure LUKS tests run with GNUTLS crypto provider Daniel P. Berrangé
2022-09-06 8:41 ` [PATCH 11/11] crypto: add test cases for many malformed LUKS header scenarios Daniel P. Berrangé
2022-09-06 9:31 ` [PATCH 00/11] crypto: improve robustness of LUKS metadata validation Richard W.M. Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220906093005.GN7484@redhat.com \
--to=rjones@redhat.com \
--cc=berrange@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).