diff options
author | Daniel P. Berrangé | 2022-05-10 15:35:57 +0200 |
---|---|---|
committer | Daniel P. Berrangé | 2022-10-27 13:55:27 +0200 |
commit | 93569c373027c5c46e518e01c0c3e2d07fbb6890 (patch) | |
tree | e9b30a5a1ef84932442eedfc666e65bb31639e9f | |
parent | crypto: enforce that LUKS stripes is always a fixed value (diff) | |
download | qemu-93569c373027c5c46e518e01c0c3e2d07fbb6890.tar.gz qemu-93569c373027c5c46e518e01c0c3e2d07fbb6890.tar.xz qemu-93569c373027c5c46e518e01c0c3e2d07fbb6890.zip |
crypto: enforce that key material doesn't overlap with LUKS header
We already check that key material doesn't overlap between key slots,
and that it doesn't overlap with the payload. We didn't check for
overlap with the LUKS header.
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-rw-r--r-- | crypto/block-luks.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 81744e2a8e..6ef9a89ffa 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -595,6 +595,14 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp) return -1; } + if (start1 < DIV_ROUND_UP(sizeof(QCryptoBlockLUKSHeader), + QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) { + error_setg(errp, + "Keyslot %zu is overlapping with the LUKS header", + i); + return -1; + } + if (start1 + len1 > luks->header.payload_offset_sector) { error_setg(errp, "Keyslot %zu is overlapping with the encrypted payload", |