Commit a0587d43 authored by Tobias Stoeckmann's avatar Tobias Stoeckmann Committed by Milan Broz

Avoid integer overflows during memory allocation.

It is possible to overflow integers during memory allocation with
insanely large "key bytes" specified in a LUKS header.

Although it could be argued that LUKS headers should be properly validated
while parsing them, it's still a good idea to fix any form of possible
overflow attacks against cryptsetup in these allocation functions.
parent 67d55d08
......@@ -57,7 +57,7 @@ struct volume_key {
char key[];
};
struct volume_key *crypt_alloc_volume_key(unsigned keylength, const char *key);
struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key);
struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, unsigned keylength);
void crypt_free_volume_key(struct volume_key *vk);
......
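Review bot: crypt_generate_volume_key() on the line after the changed prototype still takes `unsigned keylength`, so the two key-allocation entry points now disagree on the length type. If it forwards its length to crypt_alloc_volume_key() (its body is not shown on this page), a wider value would be truncated at this boundary before the new overflow check ever sees it. Consider `struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength);` and confirm that the length field of struct volume_key, declared above the hunk, is also `size_t`.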
......@@ -22,6 +22,7 @@
#include <stdlib.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
......@@ -97,7 +98,7 @@ void *crypt_safe_alloc(size_t size)
{
struct safe_allocation *alloc;
if (!size)
if (!size || size > (SIZE_MAX - offsetof(struct safe_allocation, data)))
return NULL;
alloc = malloc(size + offsetof(struct safe_allocation, data));
......
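Review bot: The new bound in crypt_safe_alloc() carries no comment saying what it protects, and the same `SIZE_MAX - header` idiom is repeated in crypt_alloc_volume_key(). A one-line comment above the check would keep a later cleanup from dropping it as redundant, for example `/* size + header must not wrap size_t, otherwise malloc() returns a buffer smaller than the caller expects */`. The rest of the function, including the handling of the malloc() result, lies outside the hunk.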
......@@ -20,14 +20,19 @@
*/
#include <string.h>
#include <stdint.h>
#include <stdlib.h>
#include "internal.h"
struct volume_key *crypt_alloc_volume_key(unsigned keylength, const char *key)
struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key)
{
struct volume_key *vk = malloc(sizeof(*vk) + keylength);
struct volume_key *vk;
if (!keylength || keylength > (SIZE_MAX - sizeof(*vk)))
return NULL;
vk = malloc(sizeof(*vk) + keylength);
if (!vk)
return NULL;
......
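Review bot: The new guard in crypt_alloc_volume_key() also rejects `keylength == 0`, which the old code accepted, while the commit message mentions only overflow. Callers cannot tell this NULL from an out-of-memory NULL, so any path that legitimately allocates an empty key (none is visible here) would start reporting an allocation failure. If zero is meant to be invalid, say so in a comment such as `/* zero-length keys are rejected; header + keylength must not wrap size_t */`; otherwise reduce the test to `if (keylength > (SIZE_MAX - sizeof(*vk)))`. The function body continues outside the hunk.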