[pkg-cryptsetup-devel] Bug#994056: cryptsetup: blkid check fails to take offset option into account

Thorsten Glaser tg at mirbsd.de
Fri Oct 8 17:51:42 BST 2021


Guilhem Moulin dixit:

>first to report it I suppose nobody uses large offset= values.  Don't
>think adding ‘Depends: bc’ is justified here :-P.

Eh, bc’s supposed to be a base tool anyway…

>Also in practice I was able to use offset=2⁵⁹

(buster-i386)tglase at tglase:~ $ echo '2^59' | bc
576460752303423488
(buster-i386)tglase at tglase:~ $ echo $(($(echo '2^59' | bc)*512))
0
(buster-i386)tglase at tglase:~ $ bash
bash$ echo $(($(echo '2^59' | bc)*512))
0

I’d not call this “use”.

> with bash, dash, klibc's sh and busybox's sh

mksh is also a viable /bin/sh (the /bin/lksh binary), and for that
I speak as developer ;)

>I'll just ignore the potential overflow. I'll just make the script
>choke when the arithmetic operation fails.

That’s the problem: the operation does not fail, it “only” overflows.
Overflowing *is* permitted (by C UB rules) to do “rm -rf /” even if
GCC does not (yet) do that… but even if it wraps around, you get the
WRONG values (see above).

(buster-i386)tglase at tglase:~ $ lksh -c 'echo $(($(echo "2^40" | bc)*512))'
0

(This is actually what POSIX requires. So bash, dash, etc. are
actually noncompliant on 32-bit platforms.)

So please, if you’re going to “ignore” this in practice, at least
install the code that checks for offset ≤ 4194303. I can provide
a corresponding patch, if you want.

bye,
//mirabilos
-- 
FWIW, I'm quite impressed with mksh interactively. I thought it was much
*much* more bare bones. But it turns out it beats the living hell out of
ksh93 in that respect. I'd even consider it for my daily use if I hadn't
wasted half my life on my zsh setup. :-) -- Frank Terbeck in #!/bin/mksh
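
One way to implement the "offset ≤ 4194303" check mentioned in the message above, as an added example: it is not the patch offered in the message and not code from the cryptsetup package. The names `offset_to_bytes` and `MAX_OFFSET` are assumptions made for illustration; the sketch rejects oversized values by digit count so they never reach shell arithmetic.

```shell
# Added example, not cryptsetup's own code. Names are hypothetical.
# Bound taken from the message: 4194303 * 512 = 2147483136 = 2^31 - 512,
# the largest sector offset whose byte value fits a signed 32-bit integer.
MAX_OFFSET=4194303

# offset_to_bytes SECTORS
# Prints SECTORS * 512 and returns 0 if SECTORS is a plain decimal number
# no larger than MAX_OFFSET. Otherwise prints nothing and returns 1.
offset_to_bytes() {
    _off=$1

    # Accept digits only: no sign, no whitespace, no hex/octal prefixes.
    case $_off in
        ''|*[!0-9]*) return 1 ;;
    esac

    # Strip leading zeros (keeping one digit) so the value is never
    # read as octal and the length comparison below is meaningful.
    while [ "${#_off}" -gt 1 ] && [ "${_off#0}" != "$_off" ]; do
        _off=${_off#0}
    done

    # Compare digit counts first: a value such as 2^59 is rejected here
    # as a string, before any integer parsing that could wrap silently.
    if [ "${#_off}" -gt "${#MAX_OFFSET}" ]; then
        return 1
    fi

    # At most 7 digits remain, so this numeric comparison and the
    # multiplication below are safe even with 32-bit shell arithmetic.
    if [ "$_off" -gt "$MAX_OFFSET" ]; then
        return 1
    fi

    echo $((_off * 512))
}
```

A caller would treat a non-zero return as a hard error instead of continuing with a wrapped byte offset.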


