!11 cryptsetup: backport upstream patches to solve several problems -epoch2

From: @liuzhiqiang26
Reviewed-by: @wubo009,@lixiaokeng
Signed-off-by: @wubo009

0003-Check-segment-gaps-regardless-of-heap-space.patch

@@ -0,0 +1,61 @@
+From e8e71e43c3ff2dca951d30af48708bcb411e47d2 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Mon, 24 Aug 2020 19:21:43 +0200
+Subject: [PATCH 3/5] Check segment gaps regardless of heap space.
+
+Segments are validated in hdr_validate_segments. Gaps in segment keys
+are detected when collecting offsets. But if an invalid segment is very
+large, larger than count, it could happen that cryptsetup is unable to
+allocate enough memory, not giving a clue about what actually is the
+problem.
+
+Therefore check for gaps even if not enough memory is available. This
+gives much more information with debug output enabled.
+
+Obviously cryptsetup still fails if segments are perfectly fine but not
+enough RAM available. But at that stage, the user knows that it's the
+fault of the system, not of an invalid segment.
+---
+ lib/luks2/luks2_json_metadata.c | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
+index e346067..e4e1424 100644
+--- a/lib/luks2/luks2_json_metadata.c
++++ b/lib/luks2/luks2_json_metadata.c
+@@ -679,11 +679,10 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
+ 	if (first_backup < 0)
+ 		first_backup = count;
+ 
+-	intervals = malloc(first_backup * sizeof(*intervals));
+-	if (!intervals) {
+-		log_dbg(cd, "Not enough memory.");
+-		return 1;
+-	}
++	if (first_backup <= count && (size_t)first_backup < SIZE_MAX / sizeof(*intervals))
++		intervals = malloc(first_backup * sizeof(*intervals));
++	else
++		intervals = NULL;
+ 
+ 	for (i = 0; i < first_backup; i++) {
+ 		jobj = json_segments_get_segment(jobj_segments, i);
+@@ -692,8 +691,14 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
+ 			free(intervals);
+ 			return 1;
+ 		}
+-		intervals[i].offset = json_segment_get_offset(jobj, 0);
+-		intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
++		if (intervals != NULL) {
++			intervals[i].offset = json_segment_get_offset(jobj, 0);
++			intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
++		}
++	}
++	if (intervals == NULL) {
++		log_dbg(cd, "Not enough memory.");
++		return 1;
+ 	}
+ 
+ 	r = !validate_segment_intervals(cd, first_backup, intervals);
+-- 
+1.8.3.1
+

0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch

@@ -0,0 +1,31 @@
+From 88b2d1af10922e0defb3eeacac6bb03aab9cbd60 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina <okozina@redhat.com>
+Date: Thu, 27 Aug 2020 12:12:13 +0200
+Subject: [PATCH 4/5] Fix posible buffer overflows in LUKS conversion.
+
+cipher[31] and cipher_mode[31] buffers were passed to
+crypt_parse_name_and_mode() routine where sscanf(s, "%31[^-]-%31s",
+cipher, cipher_mode) was called.
+
+In corner case it could cause terminating 0 byte written beyond
+respective arrays.
+---
+ lib/luks2/luks2_luks1_convert.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c
+index 603c44d..9b70df1 100644
+--- a/lib/luks2/luks2_luks1_convert.c
++++ b/lib/luks2/luks2_luks1_convert.c
+@@ -675,7 +675,7 @@ static int keyslot_LUKS1_compatible(struct crypt_device *cd, struct luks2_hdr *h
+ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct luks_phdr *hdr1)
+ {
+ 	size_t buf_size, buf_offset;
+-	char cipher[LUKS_CIPHERNAME_L-1], cipher_mode[LUKS_CIPHERMODE_L-1];
++	char cipher[LUKS_CIPHERNAME_L], cipher_mode[LUKS_CIPHERMODE_L];
+ 	char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE];
+ 	const char *hash;
+ 	size_t len;
+-- 
+1.8.3.1
+

0005-Fix-a-memleak-in-blockwise-test.patch

@@ -0,0 +1,25 @@
+From fa57d76de233e22afd79e81c98a741c23dae3498 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Sat, 29 Aug 2020 12:21:32 +0200
+Subject: [PATCH 5/5] Fix a memleak in blockwise test.
+
+---
+ tests/unit-utils-io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/unit-utils-io.c b/tests/unit-utils-io.c
+index ff5be52..9e59234 100644
+--- a/tests/unit-utils-io.c
++++ b/tests/unit-utils-io.c
+@@ -99,7 +99,7 @@ static int test_write_buffer(void)
+ 	if (ret < 0)
+ 		goto out;
+ 
+-	return (size_t) ret == test_length ? 0 : -EIO;
++	ret = (size_t) ret == test_length ? 0 : -EIO;
+ out:
+ 	if (fd >= 0)
+ 		close(fd);
+-- 
+1.8.3.1
+

cryptsetup.spec

@@ -1,6 +1,6 @@
 Name:     cryptsetup
 Version:  2.3.3
-Release:  1
+Release:  2
 Summary:  Utility used to conveniently set up disk encryption
 License:  GPLv2+ and LGPLv2+
 URL:      https://gitlab.com/cryptsetup/cryptsetup
@@ -8,6 +8,9 @@ Source0:  https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{ve
 
 Patch1:  0001-cryptsetup-add-system-library-paths.patch
 Patch2:  0002-fix-compat-test.patch
+Patch3:  0003-Check-segment-gaps-regardless-of-heap-space.patch
+Patch4:  0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch
+Patch5:  0005-Fix-a-memleak-in-blockwise-test.patch
 
 BuildRequires: openssl-devel, popt-devel, device-mapper-devel, git
 BuildRequires: libuuid-devel, json-c-devel, libargon2-devel, libpwquality-devel, libblkid-devel
@@ -107,6 +110,9 @@ This contains man files for the using of cryptsetup.
 %{_mandir}/man8/*
 
 %changelog
+* Fri Oct 30 2020 Zhiqiang Liu <liuzhiqiang26@huawei.com> - 2.3.3-2
+- backport upstream patches to solve several problems -epoch2
+
 * Sat Jul 18 2020 Ruijun Ge <geruijun@huawei.com> - 2.3.3-1
 - update to 2.3.3 version