Commit 46ee71ed authored by Ondrej Kozina, committed by Milan Broz

Avoid needlessly large allocations in LUKS2 validation code.

In case LUKS2 backup segment creates gap in between last regular
segment and backup segment report invalid metadata immediately. We stop
on first error so there's no need to allocate large memory on heap
(we may run with mlock(MCL_FUTURE) set).

- total segments count is 3
- regular segments have keys "0" and "1"
- first backup segment has key "42"
parent bcfb7731
......@@ -676,10 +676,16 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
return 1;
/* avoid needlessly large allocation when first backup segment is invalid */
if (first_backup >= count) {
log_dbg(cd, "Gap between last regular segment and backup segment at key %d.", first_backup);
return 1;
if (first_backup < 0)
first_backup = count;
if (first_backup <= count && (size_t)first_backup < SIZE_MAX / sizeof(*intervals))
if ((size_t)first_backup < SIZE_MAX / sizeof(*intervals))
intervals = malloc(first_backup * sizeof(*intervals));
intervals = NULL;
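Review bot: The new `if (first_backup >= count)` early return has to stay ahead of the `if (first_backup < 0) first_backup = count;` normalization that follows it, and nothing in the hunk says so. If the two were ever reordered, a header where first_backup is negative on entry would be normalized to count and then rejected as a gap. The comment above the check only mentions the allocation; I would extend it to state that the comparison runs on the raw key on purpose. The malloc guard also loses its `first_backup <= count` bound and now depends on this early return for it, which is worth a short comment next to the `SIZE_MAX / sizeof(*intervals)` test so a later refactor does not drop the bound silently.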