Gentoo's Bugzilla – Attachment 137758 Details for
Bug 201295
sys-fs/cryptsetup-1.0.5: header passphrase never used in library
[patch]
This patch removes the passphrase bug in cryptsetup-1.0.5.
cryptsetup-1.0.5-lib_passphrase.patch (text/plain), 6.27 KB, created by
fisch
on 2007-12-04 22:58:43 UTC
Description:
This patch removes the passphrase bug in cryptsetup-1.0.5.
Filename:
MIME Type:
Creator:
fisch
Created:
2007-12-04 22:58:43 UTC
Size:
6.27 KB
>--- cryptsetup-1.0.5/lib/setup.c 2007-05-02 16:44:06.000000000 +0200
>+++ workspace/cryptsetup/lib/setup.c 2007-12-04 23:22:21.000000000 +0100
>@@ -167,103 +167,117 @@
> int newline_stop;
> int read_horizon;
>
>- if(options->key_file && !strcmp(options->key_file, "-")) {
>- /* Allow binary reading from stdin */
>- fd = options->passphrase_fd;
>- newline_stop = 0;
>- read_horizon = 0;
>- } else if (options->key_file) {
>- fd = open(options->key_file, O_RDONLY);
>- if (fd < 0) {
>- char buf[128];
>- set_error("Error opening key file: %s",
>- strerror_r(errno, buf, 128));
>+ if(options->passphrase) {
>+ if(strlen(options->passphrase) > 512)
>+ {
>+ set_error("Passphrase size exceeds memory limits");
> goto out_err;
> }
>- newline_stop = 0;
>-
>- /* This can either be 0 (LUKS) or the actually number
>- * of key bytes (default or passed by -s) */
>- read_horizon = options->key_size;
>- } else {
>- fd = options->passphrase_fd;
>- newline_stop = 1;
>- read_horizon = 0; /* Infinite, if read from terminal or fd */
>- }
>-
>- /* Interactive case */
>- if(isatty(fd)) {
>- int i;
>-
> pass = safe_alloc(512);
>- if (!pass || (i = interactive_pass(prompt, pass, 512, options->timeout))) {
>- set_error("Error reading passphrase");
>- goto out_err;
>- }
>- if (verify || verify_if_possible) {
>- char pass_verify[512];
>- i = interactive_pass("Verify passphrase: ", pass_verify, sizeof(pass_verify), options->timeout);
>- if (i || strcmp(pass, pass_verify) != 0) {
>- set_error("Passphrases do not match");
>+ strcpy(pass, options->passphrase);
>+ *key = pass;
>+ *passLen = strlen(pass);
>+ }
>+ else {
>+ if(options->key_file && !strcmp(options->key_file, "-")) {
>+ /* Allow binary reading from stdin */
>+ fd = options->passphrase_fd;
>+ newline_stop = 0;
>+ read_horizon = 0;
>+ } else if (options->key_file) {
>+ fd = open(options->key_file, O_RDONLY);
>+ if (fd < 0) {
>+ char buf[128];
>+ set_error("Error opening key file: %s",
>+ strerror_r(errno, buf, 128));
> goto out_err;
> }
>- memset(pass_verify, 0, sizeof(pass_verify));
>- }
>- *passLen = strlen(pass);
>- *key = pass;
>- } else {
>- /*
>- * This is either a fd-input or a file, in neither case we can verify the input,
>- * however we don't stop on new lines if it's a binary file.
>- */
>- int buflen, i;
>-
>- if(verify) {
>- set_error("Can't do passphrase verification on non-tty inputs");
>- goto out_err;
>- }
>- /* The following for control loop does an exhausting
>- * read on the key material file, if requested with
>- * key_size == 0, as it's done by LUKS. However, we
>- * should warn the user, if it's a non-regular file,
>- * such as /dev/random, because in this case, the loop
>- * will read forever.
>- */
>- if(options->key_file && strcmp(options->key_file, "-") && read_horizon == 0) {
>- struct stat st;
>- if(stat(options->key_file, &st) < 0) {
>- set_error("Can't stat key file");
>+ newline_stop = 0;
>+
>+ /* This can either be 0 (LUKS) or the actually number
>+ * of key bytes (default or passed by -s) */
>+ read_horizon = options->key_size;
>+ } else {
>+ fd = options->passphrase_fd;
>+ newline_stop = 1;
>+ read_horizon = 0; /* Infinite, if read from terminal or fd */
>+ }
>+
>+ /* Interactive case */
>+ if(isatty(fd)) {
>+ int i;
>+
>+ pass = safe_alloc(512);
>+ if (!pass || (i = interactive_pass(prompt, pass, 512, options->timeout))) {
>+ set_error("Error reading passphrase");
> goto out_err;
> }
>- if(!S_ISREG(st.st_mode)) {
>- // set_error("Can't do exhausting read on non regular files");
>- // goto out_err;
>- fprintf(stderr,"Warning: exhausting read requested, but key file is not a regular file, function might never return.\n");
>+ if (verify || verify_if_possible) {
>+ char pass_verify[512];
>+ i = interactive_pass("Verify passphrase: ", pass_verify, sizeof(pass_verify), options->timeout);
>+ if (i || strcmp(pass, pass_verify) != 0) {
>+ set_error("Passphrases do not match");
>+ goto out_err;
>+ }
>+ memset(pass_verify, 0, sizeof(pass_verify));
> }
>- }
>- buflen = 0;
>- for(i = 0; read_horizon == 0 || i < read_horizon; i++) {
>- if(i >= buflen - 1) {
>- buflen += 128;
>- pass = safe_realloc(pass, buflen);
>- if (!pass) {
>- set_error("Not enough memory while "
>- "reading passphrase");
>+ *passLen = strlen(pass);
>+ *key = pass;
>+ } else {
>+ /*
>+ * This is either a fd-input or a file, in neither case we can verify the input,
>+ * however we don't stop on new lines if it's a binary file.
>+ */
>+ int buflen, i;
>+
>+ if(verify) {
>+ set_error("Can't do passphrase verification on non-tty inputs");
>+ goto out_err;
>+ }
>+ /* The following for control loop does an exhausting
>+ * read on the key material file, if requested with
>+ * key_size == 0, as it's done by LUKS. However, we
>+ * should warn the user, if it's a non-regular file,
>+ * such as /dev/random, because in this case, the loop
>+ * will read forever.
>+ */
>+ if(options->key_file && strcmp(options->key_file, "-") && read_horizon == 0) {
>+ struct stat st;
>+ if(stat(options->key_file, &st) < 0) {
>+ set_error("Can't stat key file");
> goto out_err;
> }
>+ if(!S_ISREG(st.st_mode)) {
>+ // set_error("Can't do exhausting read on non regular files");
>+ // goto out_err;
>+ fprintf(stderr,"Warning: exhausting read requested, but key file is not a regular file, function might never return.\n");
>+ }
> }
>- if(read(fd, pass + i, 1) != 1 || (newline_stop && pass[i] == '\n'))
>- break;
>+ buflen = 0;
>+ for(i = 0; read_horizon == 0 || i < read_horizon; i++) {
>+ if(i >= buflen - 1) {
>+ buflen += 128;
>+ pass = safe_realloc(pass, buflen);
>+ if (!pass) {
>+ set_error("Not enough memory while "
>+ "reading passphrase");
>+ goto out_err;
>+ }
>+ }
>+ if(read(fd, pass + i, 1) != 1 || (newline_stop && pass[i] == '\n'))
>+ break;
>+ }
>+ if(options->key_file)
>+ close(fd);
>+ pass[i] = 0;
>+ *key = pass;
>+ *passLen = i;
> }
>- if(options->key_file)
>- close(fd);
>- pass[i] = 0;
>- *key = pass;
>- *passLen = i;
>+
>+ return isatty(fd); /* Return true, when password reading can be tried on interactive fds */
> }
>-
>- return isatty(fd); /* Return true, when password reading can be tried on interactive fds */
>-
>+ return 0;
>+
> out_err:
> if(pass)
> safe_free(pass);
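Review bot: The length check in the new `options->passphrase` branch is off by one: a passphrase of exactly 512 characters passes `strlen(options->passphrase) > 512`, and `strcpy` then writes 513 bytes (terminator included) into the 512-byte buffer returned by `safe_alloc(512)`, a one-byte heap overflow driven by caller-supplied data. The comparison should read `if(strlen(options->passphrase) >= 512)`, or the buffer should be sized from the measured length plus one. The result of `safe_alloc` is also used unchecked in this branch, unlike the interactive branch below it; add `if (!pass) { set_error("Not enough memory while reading passphrase"); goto out_err; }` before the copy. The enclosing function starts and ends outside the hunk.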