Blame SOURCES/0225-ask-password-prevent-buffer-overrow-when-reading-fro.patch
|
 |
b9a53a |
From c6c8e0d097d6ba12471c6112c3fd339ea40329d5 Mon Sep 17 00:00:00 2001
|
|
|
76b84c |
From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
|
76b84c |
Date: Mon, 13 May 2019 16:58:01 -0300
|
|
|
76b84c |
Subject: [PATCH] ask-password: prevent buffer overrow when reading from
|
|
|
76b84c |
keyring
|
|
|
76b84c |
|
|
|
76b84c |
When we read from keyring, a temporary buffer is allocated in order to
|
|
|
76b84c |
determine the size needed for the entire data. However, when zeroing that area,
|
|
|
76b84c |
we use the data size returned by the read instead of the lesser size allocate
|
|
|
76b84c |
for the buffer.
|
|
|
76b84c |
|
|
|
76b84c |
That will cause memory corruption that causes systemd-cryptsetup to crash
|
|
|
76b84c |
either when a single large password is used or when multiple passwords have
|
|
|
76b84c |
already been pushed to the keyring.
|
|
|
76b84c |
|
|
|
76b84c |
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
|
|
|
76b84c |
(cherry picked from commit 59c55e73eaee345e1ee67c23eace8895ed499693)
|
|
|
76b84c |
|
|
|
b9a53a |
Resolves: #1752050
|
|
|
76b84c |
---
|
|
|
76b84c |
src/shared/ask-password-api.c | 2 +-
|
|
|
76b84c |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
76b84c |
|
|
|
76b84c |
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
|
|
|
76b84c |
index 682dc754fc..764ebd08e1 100644
|
|
|
76b84c |
--- a/src/shared/ask-password-api.c
|
|
|
76b84c |
+++ b/src/shared/ask-password-api.c
|
|
|
76b84c |
@@ -79,7 +79,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
|
|
|
76b84c |
if (n < m)
|
|
|
76b84c |
break;
|
|
|
76b84c |
|
|
|
76b84c |
- explicit_bzero(p, n);
|
|
|
76b84c |
+ explicit_bzero(p, m);
|
|
|
76b84c |
free(p);
|
|
|
76b84c |
m *= 2;
|
|
|
76b84c |
}
|