1. 26 Jun, 2017 2 commits
  2. 24 Jun, 2017 5 commits
  3. 23 Jun, 2017 2 commits
  4. 22 Jun, 2017 1 commit
  5. 21 Jun, 2017 1 commit
  6. 18 Jun, 2017 1 commit
  7. 16 Jun, 2017 1 commit
  8. 15 Jun, 2017 4 commits
  9. 09 Jun, 2017 1 commit
  10. 08 Jun, 2017 4 commits
  11. 07 Jun, 2017 4 commits
  12. 06 Jun, 2017 1 commit
  13. 01 Jun, 2017 3 commits
  14. 30 May, 2017 1 commit
  15. 29 May, 2017 3 commits
  16. 28 May, 2017 3 commits
  17. 15 May, 2017 2 commits
  18. 02 May, 2017 1 commit
    • Prevent double free with invalid verity partition. · 44d5269c
      It is possible to trigger a double free with an invalid verity
      partition. All it takes is an unknown hash algorithm, which makes it
      a bit more likely than a completely broken partition header. But all
      it takes is an error return value of VERITY_read_sb() or strdup().
      
      If crypt_load fails before setting cd->type, crypt_free will handle
      the union as if it was of type "none", which means it will call free()
      for "active_name", a field which is only properly set up when the
      type was actually "none".
      
      In all other cases, "active_name" contains the first 4 or 8 bytes of
      the actually used header structure. Fortunately it can be only a
      pointer or NULL, so an attacker has no direct control of the value.
      Nonetheless it can easily trigger a double free.
      
      Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
      Tobias Stoeckmann committed