Re: [PATCH v7 04/17] luks2: Make sure all fields of output argument in luks2_parse_digest() are written to
On Fri, Dec 04, 2020 at 10:43:33AM -0600, Glenn Washburn wrote: > We should assume that the output argument "out" is uninitialized and could > have random data. So, make sure to initialize the segments and keyslots bit > fields because potentially not all bits of those fields are written to. > Otherwise, the digest could say it belongs to keyslots and segments that it > does not. > > Signed-off-by: Glenn Washburn Reviewed-by: Daniel Kiper Daniel ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
Re: [PATCH v7 04/17] luks2: Make sure all fields of output argument in luks2_parse_digest() are written to
On Fri, Dec 04, 2020 at 10:43:33AM -0600, Glenn Washburn wrote:
> We should assume that the output argument "out" is uninitialized and could
> have random data. So, make sure to initialize the segments and keyslots bit
> fields because potentially not all bits of those fields are written to.
> Otherwise, the digest could say it belongs to keyslots and segments that it
> does not.
>
> Signed-off-by: Glenn Washburn
Makes sense.
Signed-off-by: Patrick Steinhardt
> ---
> grub-core/disk/luks2.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
> index bdb90e4b6..eadd529e9 100644
> --- a/grub-core/disk/luks2.c
> +++ b/grub-core/disk/luks2.c
> @@ -230,6 +230,7 @@ luks2_parse_digest (grub_luks2_digest_t *out, const
> grub_json_t *digest)
> return grub_error (GRUB_ERR_BAD_ARGUMENT,
> "Digest references no segments");
>
> + out->segments = 0;
>for (i = 0; i < size; i++)
> {
>if (grub_json_getchild (&o, &segments, i) ||
> @@ -242,6 +243,7 @@ luks2_parse_digest (grub_luks2_digest_t *out, const
> grub_json_t *digest)
> return grub_error (GRUB_ERR_BAD_ARGUMENT,
> "Digest references no keyslots");
>
> + out->keyslots = 0;
>for (i = 0; i < size; i++)
> {
>if (grub_json_getchild (&o, &keyslots, i) ||
> --
> 2.27.0
>
signature.asc
Description: PGP signature
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
[PATCH v7 04/17] luks2: Make sure all fields of output argument in luks2_parse_digest() are written to
We should assume that the output argument "out" is uninitialized and could
have random data. So, make sure to initialize the segments and keyslots bit
fields because potentially not all bits of those fields are written to.
Otherwise, the digest could say it belongs to keyslots and segments that it
does not.
Signed-off-by: Glenn Washburn
---
grub-core/disk/luks2.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index bdb90e4b6..eadd529e9 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -230,6 +230,7 @@ luks2_parse_digest (grub_luks2_digest_t *out, const
grub_json_t *digest)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
"Digest references no segments");
+ out->segments = 0;
for (i = 0; i < size; i++)
{
if (grub_json_getchild (&o, &segments, i) ||
@@ -242,6 +243,7 @@ luks2_parse_digest (grub_luks2_digest_t *out, const
grub_json_t *digest)
return grub_error (GRUB_ERR_BAD_ARGUMENT,
"Digest references no keyslots");
+ out->keyslots = 0;
for (i = 0; i < size; i++)
{
if (grub_json_getchild (&o, &keyslots, i) ||
--
2.27.0
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
