diff options
| author | Daniel P. Berrangé | 2022-05-10 15:27:33 +0200 |
|---|---|---|
| committer | Daniel P. Berrangé | 2022-10-27 13:55:27 +0200 |
| commit | f1195961f36b19ce9008dabf11ee8362803bcd92 (patch) | |
| tree | 6111a083fda6ed1a8395dc6eaf481412ad2a701f /crypto | |
| parent | crypto: sanity check that LUKS header strings are NUL-terminated (diff) | |
| download | qemu-f1195961f36b19ce9008dabf11ee8362803bcd92.tar.gz qemu-f1195961f36b19ce9008dabf11ee8362803bcd92.tar.xz qemu-f1195961f36b19ce9008dabf11ee8362803bcd92.zip | |
crypto: enforce that LUKS stripes is always a fixed value
Although the LUKS stripes are encoded in the keyslot header and so
potentially configurable, in pratice the cryptsetup impl mandates
this has the fixed value 4000. To avoid incompatibility apply the
same enforcement in QEMU too. This also caps the memory usage for
key material when QEMU tries to open a LUKS volume.
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/block-luks.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 27d1b34c1d..81744e2a8e 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -582,8 +582,9 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp) header_sectors, slot1->stripes); - if (slot1->stripes == 0) { - error_setg(errp, "Keyslot %zu is corrupted (stripes == 0)", i); + if (slot1->stripes != QCRYPTO_BLOCK_LUKS_STRIPES) { + error_setg(errp, "Keyslot %zu is corrupted (stripes %d != %d)", + i, slot1->stripes, QCRYPTO_BLOCK_LUKS_STRIPES); return -1; } |