cryptsetup/0003-Check-segment-gaps-regardless-of-heap-space.patch

From e8e71e43c3ff2dca951d30af48708bcb411e47d2 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Mon, 24 Aug 2020 19:21:43 +0200
Subject: [PATCH 3/5] Check segment gaps regardless of heap space.

Segments are validated in hdr_validate_segments. Gaps in segment keys
are detected when collecting offsets. But if an invalid segment is very
large, larger than count, it could happen that cryptsetup is unable to
allocate enough memory, not giving a clue about what actually is the
problem.

Therefore check for gaps even if not enough memory is available. This
gives much more information with debug output enabled.

Obviously cryptsetup still fails if segments are perfectly fine but not
enough RAM available. But at that stage, the user knows that it's the
fault of the system, not of an invalid segment.
---
 lib/luks2/luks2_json_metadata.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
index e346067..e4e1424 100644
--- a/lib/luks2/luks2_json_metadata.c
+++ b/lib/luks2/luks2_json_metadata.c
@@ -679,11 +679,10 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
 	if (first_backup < 0)
 		first_backup = count;
 
-	intervals = malloc(first_backup * sizeof(*intervals));
-	if (!intervals) {
-		log_dbg(cd, "Not enough memory.");
-		return 1;
-	}
+	if (first_backup <= count && (size_t)first_backup < SIZE_MAX / sizeof(*intervals))
+		intervals = malloc(first_backup * sizeof(*intervals));
+	else
+		intervals = NULL;
 
 	for (i = 0; i < first_backup; i++) {
 		jobj = json_segments_get_segment(jobj_segments, i);
@@ -692,8 +691,14 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
 			free(intervals);
 			return 1;
 		}
-		intervals[i].offset = json_segment_get_offset(jobj, 0);
-		intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
+		if (intervals != NULL) {
+			intervals[i].offset = json_segment_get_offset(jobj, 0);
+			intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
+		}
+	}
+	if (intervals == NULL) {
+		log_dbg(cd, "Not enough memory.");
+		return 1;
 	}
 
 	r = !validate_segment_intervals(cd, first_backup, intervals);
-- 
1.8.3.1
cryptsetup: backport upstream patches to solve several problems -epoch2 backport upstream patches to solve several problems -epoch2 Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com> 2020-10-30 18:53:55 +08:00			`From e8e71e43c3ff2dca951d30af48708bcb411e47d2 Mon Sep 17 00:00:00 2001`
			`From: Tobias Stoeckmann <tobias@stoeckmann.org>`
			`Date: Mon, 24 Aug 2020 19:21:43 +0200`
			`Subject: [PATCH 3/5] Check segment gaps regardless of heap space.`

			`Segments are validated in hdr_validate_segments. Gaps in segment keys`
			`are detected when collecting offsets. But if an invalid segment is very`
			`large, larger than count, it could happen that cryptsetup is unable to`
			`allocate enough memory, not giving a clue about what actually is the`
			`problem.`

			`Therefore check for gaps even if not enough memory is available. This`
			`gives much more information with debug output enabled.`

			`Obviously cryptsetup still fails if segments are perfectly fine but not`
			`enough RAM available. But at that stage, the user knows that it's the`
			`fault of the system, not of an invalid segment.`
			`---`
			`lib/luks2/luks2_json_metadata.c \| 19 ++++++++++++-------`
			`1 file changed, 12 insertions(+), 7 deletions(-)`

			`diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c`
			`index e346067..e4e1424 100644`
			`--- a/lib/luks2/luks2_json_metadata.c`
			`+++ b/lib/luks2/luks2_json_metadata.c`
			`@@ -679,11 +679,10 @@ static int hdr_validate_segments(struct crypt_device cd, json_object hdr_jobj)`
			`if (first_backup < 0)`
			`first_backup = count;`

			`- intervals = malloc(first_backup * sizeof(*intervals));`
			`- if (!intervals) {`
			`- log_dbg(cd, "Not enough memory.");`
			`- return 1;`
			`- }`
			`+ if (first_backup <= count && (size_t)first_backup < SIZE_MAX / sizeof(*intervals))`
			`+ intervals = malloc(first_backup * sizeof(*intervals));`
			`+ else`
			`+ intervals = NULL;`

			`for (i = 0; i < first_backup; i++) {`
			`jobj = json_segments_get_segment(jobj_segments, i);`
			`@@ -692,8 +691,14 @@ static int hdr_validate_segments(struct crypt_device cd, json_object hdr_jobj)`
			`free(intervals);`
			`return 1;`
			`}`
			`- intervals[i].offset = json_segment_get_offset(jobj, 0);`
			`- intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;`
			`+ if (intervals != NULL) {`
			`+ intervals[i].offset = json_segment_get_offset(jobj, 0);`
			`+ intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;`
			`+ }`
			`+ }`
			`+ if (intervals == NULL) {`
			`+ log_dbg(cd, "Not enough memory.");`
			`+ return 1;`
			`}`

			`r = !validate_segment_intervals(cd, first_backup, intervals);`
			`--`
			`1.8.3.1`