[Pkg-cryptsetup-devel] Bug#381973: cryptsetup segfaults with unsupported keysize
Jonas Meurer
jonas at freesources.org
Mon Nov 20 23:42:13 CET 2006
Hello Clemens,
Debian bugreport #381973 reports that cryptsetup segfaults when an
incompatible keysize is given as an option.
Later David Härdeman analyzed the following:
> During "cryptsetup luksOpen" with the previously set 448 bit (56 byte)
> key, we'll have the following call chain:
>
> main -> action_luksOpen -> crypt_job -> __crypt_luks_open ->
> LUKS_open_any_key -> LUKS_open_key -> AF_merge
>
> AF_merge is being called as:
> AF_merge(AfKey,mk->key,mk->keyLength,hdr->keyblock[keyIndex].stripes);
>
> mk->keyLength is here (correctly) set to 56, and mk->key is a statically
> allocated 32 byte buffer (defined as part of struct luks_masterkey in
> luks.h).
>
> This will lead the last call to XORblock in AF_merge to scribble 56 - 32
> bytes outside that buffer, thus corrupting the stack and leading to
> interesting crashes in unrelated places later.
The simplest solution would be to check whether mk->keyLength is a
multiple of eight and exit with an error message otherwise, correct?
Or would that break something?
If not, it would be rather easy to fix, and I would love to see it
fixed in Debian etch.
...
jonas
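As an added illustration (not cryptsetup's own code), a simplified AF_merge-style merge in C that validates the header-supplied key length against the fixed key buffer before any XORblock-style write, which is the overflow condition David's call chain describes. `struct masterkey`, `af_merge_checked` and `open_with_header_keylen` are stand-ins for the names in the analysis, and the anti-forensic diffusion step between stripes is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for struct luks_masterkey as described in the analysis:
 * a fixed 32-byte key buffer plus a length read from the on-disk header. */
#define MK_KEY_CAP 32
struct masterkey {
    uint8_t key[MK_KEY_CAP];
    size_t  keyLength;   /* header-controlled; must never exceed MK_KEY_CAP */
};

/* XOR `len` bytes of src into dst (stand-in for XORblock). */
static void xor_block(uint8_t *dst, const uint8_t *src, size_t len)
{
    for (size_t i = 0; i < len; i++)
        dst[i] ^= src[i];
}

/* Merge `stripes` consecutive stripes of mk->keyLength bytes from `split`
 * into mk->key. Returns 0 on success, -1 when the header's key length would
 * not fit the fixed buffer (e.g. 56 bytes against a 32-byte buffer, as in
 * the report) or when the stripe data is shorter than claimed. */
int af_merge_checked(struct masterkey *mk, const uint8_t *split,
                     size_t split_len, unsigned stripes)
{
    if (mk->keyLength == 0 || mk->keyLength > sizeof mk->key)
        return -1;                       /* would write past mk->key */
    if (stripes == 0 || split_len / stripes < mk->keyLength)
        return -1;                       /* not enough stripe material */
    memset(mk->key, 0, mk->keyLength);
    for (unsigned s = 0; s < stripes; s++)
        xor_block(mk->key, split + (size_t)s * mk->keyLength, mk->keyLength);
    return 0;
}

/* Constructed scenario: a header claiming key_len bytes, two stripes filled
 * with 0x55 and 0xAA. Returns -1 if the merge is rejected, otherwise the
 * first merged key byte (0x55 ^ 0xAA == 0xFF). */
int open_with_header_keylen(size_t key_len)
{
    uint8_t split[128];
    struct masterkey mk;
    if (key_len == 0 || 2 * key_len > sizeof split)
        return -1;
    memset(split, 0x55, key_len);
    memset(split + key_len, 0xAA, key_len);
    mk.keyLength = key_len;
    if (af_merge_checked(&mk, split, 2 * key_len, 2) != 0)
        return -1;
    return mk.key[0];
}
```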