cryptsetup/0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch

From 88b2d1af10922e0defb3eeacac6bb03aab9cbd60 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Thu, 27 Aug 2020 12:12:13 +0200
Subject: [PATCH 4/5] Fix posible buffer overflows in LUKS conversion.

cipher[31] and cipher_mode[31] buffers were passed to
crypt_parse_name_and_mode() routine where sscanf(s, "%31[^-]-%31s",
cipher, cipher_mode) was called.

In corner case it could cause terminating 0 byte written beyond
respective arrays.
---
 lib/luks2/luks2_luks1_convert.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c
index 603c44d..9b70df1 100644
--- a/lib/luks2/luks2_luks1_convert.c
+++ b/lib/luks2/luks2_luks1_convert.c
@@ -675,7 +675,7 @@ static int keyslot_LUKS1_compatible(struct crypt_device *cd, struct luks2_hdr *h
 int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct luks_phdr *hdr1)
 {
 	size_t buf_size, buf_offset;
-	char cipher[LUKS_CIPHERNAME_L-1], cipher_mode[LUKS_CIPHERMODE_L-1];
+	char cipher[LUKS_CIPHERNAME_L], cipher_mode[LUKS_CIPHERMODE_L];
 	char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE];
 	const char *hash;
 	size_t len;
-- 
1.8.3.1