Re: [PATCH] crypto: Always initialize splitkeylen

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Philippe Mathieu-Daudé" <philmd@linaro.org>
To: Akihiko Odaki <akihiko.odaki@daynix.com>
Cc: qemu-devel@nongnu.org, "Daniel P. Berrangé" <berrange@redhat.com>
Subject: Re: [PATCH] crypto: Always initialize splitkeylen
Date: Mon, 22 May 2023 14:35:35 +0200	[thread overview]
Message-ID: <865a9b78-0fd7-2cc8-8e51-0b8b1b34e514@linaro.org> (raw)
In-Reply-To: <20230522114737.32686-1-akihiko.odaki@daynix.com>

On 22/5/23 13:47, Akihiko Odaki wrote:
> When _FORTIFY_SOURCE=2, glibc version is 2.35, and GCC version is
> 12.1.0, the compiler complains as follows:
> 
> In file included from /usr/include/string.h:535,
>                   from /home/alarm/q/var/qemu/include/qemu/osdep.h:99,
>                   from ../crypto/block-luks.c:21:
> In function 'memset',
>      inlined from 'qcrypto_block_luks_store_key' at ../crypto/block-luks.c:843:9:
> /usr/include/bits/string_fortified.h:59:10: error: 'splitkeylen' may be used uninitialized [-Werror=maybe-uninitialized]
>     59 |   return __builtin___memset_chk (__dest, __ch, __len,
>        |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     60 |                                  __glibc_objsize0 (__dest));
>        |                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~
> ../crypto/block-luks.c: In function 'qcrypto_block_luks_store_key':
> ../crypto/block-luks.c:699:12: note: 'splitkeylen' was declared here
>    699 |     size_t splitkeylen;
>        |            ^~~~~~~~~~~
> 
> It seems the compiler cannot see that splitkeylen will not be used
> when splitkey is NULL. Suppress the warning by initializing splitkeylen
> even when splitkey stays NULL.

What about using splitkeylen instead?

-- >8 --
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 5688783ab1..dfba98fdc1 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -696,7 +696,7 @@ qcrypto_block_luks_store_key(QCryptoBlock *block,
      QCryptoBlockLUKS *luks = block->opaque;
      QCryptoBlockLUKSKeySlot *slot;
      g_autofree uint8_t *splitkey = NULL;
-    size_t splitkeylen;
+    size_t splitkeylen = 0;
      g_autofree uint8_t *slotkey = NULL;
      g_autoptr(QCryptoCipher) cipher = NULL;
      g_autoptr(QCryptoIVGen) ivgen = NULL;
@@ -839,7 +839,7 @@ cleanup:
      if (slotkey) {
          memset(slotkey, 0, luks->header.master_key_len);
      }
-    if (splitkey) {
+    if (splitkeylen) {
          memset(splitkey, 0, splitkeylen);
      }
      return ret;
---

> 
> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
> ---
>   crypto/block-luks.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/crypto/block-luks.c b/crypto/block-luks.c
> index 5688783ab1..2f59c3a625 100644
> --- a/crypto/block-luks.c
> +++ b/crypto/block-luks.c
> @@ -706,14 +706,14 @@ qcrypto_block_luks_store_key(QCryptoBlock *block,
>   
>       assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
>       slot = &luks->header.key_slots[slot_idx];
> +    splitkeylen = luks->header.master_key_len * slot->stripes;
> +
>       if (qcrypto_random_bytes(slot->salt,
>                                QCRYPTO_BLOCK_LUKS_SALT_LEN,
>                                errp) < 0) {
>           goto cleanup;
>       }
>   
> -    splitkeylen = luks->header.master_key_len * slot->stripes;
> -
>       /*
>        * Determine how many iterations are required to
>        * hash the user password while consuming 1 second of compute

next prev parent reply	other threads:[~2023-05-22 12:36 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-22 11:47 [PATCH] crypto: Always initialize splitkeylen Akihiko Odaki
2023-05-22 12:35 ` Philippe Mathieu-Daudé [this message]
2023-05-22 13:08   ` Akihiko Odaki
2023-05-26 10:37 ` Daniel P. Berrangé

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:5688783ab dfblob:dfba98fdc )
 OR (
bs:"Re: [PATCH] crypto: Always initialize splitkeylen" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=865a9b78-0fd7-2cc8-8e51-0b8b1b34e514@linaro.org \
    --to=philmd@linaro.org \
    --cc=akihiko.odaki@daynix.com \
    --cc=berrange@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).