Blame SOURCES/0225-ask-password-prevent-buffer-overrow-when-reading-fro.patch
|
|
4fbe94 |
From c6c8e0d097d6ba12471c6112c3fd339ea40329d5 Mon Sep 17 00:00:00 2001
|
|
|
4fbe94 |
From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
|
4fbe94 |
Date: Mon, 13 May 2019 16:58:01 -0300
|
|
|
4fbe94 |
Subject: [PATCH] ask-password: prevent buffer overrow when reading from
|
|
|
4fbe94 |
keyring
|
|
|
4fbe94 |
|
|
|
4fbe94 |
When we read from keyring, a temporary buffer is allocated in order to
|
|
|
4fbe94 |
determine the size needed for the entire data. However, when zeroing that area,
|
|
|
4fbe94 |
we use the data size returned by the read instead of the lesser size allocate
|
|
|
4fbe94 |
for the buffer.
|
|
|
4fbe94 |
|
|
|
4fbe94 |
That will cause memory corruption that causes systemd-cryptsetup to crash
|
|
|
4fbe94 |
either when a single large password is used or when multiple passwords have
|
|
|
4fbe94 |
already been pushed to the keyring.
|
|
|
4fbe94 |
|
|
|
4fbe94 |
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
|
4fbe94 |
(cherry picked from commit 59c55e73eaee345e1ee67c23eace8895ed499693)
|
|
|
4fbe94 |
|
|
|
4fbe94 |
Resolves: #1752050
|
|
|
4fbe94 |
---
|
|
|
4fbe94 |
src/shared/ask-password-api.c | 2 +-
|
|
|
4fbe94 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
4fbe94 |
|
|
|
4fbe94 |
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
|
|
|
4fbe94 |
index 682dc754fc..764ebd08e1 100644
|
|
|
4fbe94 |
--- a/src/shared/ask-password-api.c
|
|
|
4fbe94 |
+++ b/src/shared/ask-password-api.c
|
|
|
4fbe94 |
@@ -79,7 +79,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
|
|
|
4fbe94 |
if (n < m)
|
|
|
4fbe94 |
break;
|
|
|
4fbe94 |
|
|
|
4fbe94 |
- explicit_bzero(p, n);
|
|
|
4fbe94 |
+ explicit_bzero(p, m);
|
|
|
4fbe94 |
free(p);
|
|
|
4fbe94 |
m *= 2;
|
|
|
4fbe94 |
}
|