From 7eeb45537af1db8a29b4e2956545ccde8ad13d32 Mon Sep 17 00:00:00 2001

From: Milan Broz <gmazyland@gmail.com>

Date: Sun, 2 Jan 2022 16:57:31 +0100

Subject: [PATCH 12/28] Reenc keyslot must have key_size == 1.

---

 lib/luks2/luks2_keyslot_reenc.c | 10 ++++++++--

 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/luks2/luks2_keyslot_reenc.c b/lib/luks2/luks2_keyslot_reenc.c

index 1956fe27..9da7007d 100644

--- a/lib/luks2/luks2_keyslot_reenc.c

+++ b/lib/luks2/luks2_keyslot_reenc.c

@@ -230,7 +230,7 @@ static int reenc_keyslot_dump(struct crypt_device *cd, int keyslot)

 static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_keyslot)

 {

-	json_object *jobj_mode, *jobj_area, *jobj_type, *jobj_shift_size, *jobj_hash, *jobj_sector_size, *jobj_direction;

+	json_object *jobj_mode, *jobj_area, *jobj_type, *jobj_shift_size, *jobj_hash, *jobj_sector_size, *jobj_direction, *jobj_key_size;

 	const char *mode, *type, *direction;

 	uint32_t sector_size;

 	uint64_t shift_size;

@@ -250,12 +250,18 @@ static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_key

 	    !json_object_object_get_ex(jobj_area, "type", &jobj_type))

 		return -EINVAL;

+	jobj_key_size = json_contains(cd, jobj_keyslot, "", "reencrypt keyslot", "key_size", json_type_int);

 	jobj_mode = json_contains(cd, jobj_keyslot, "", "reencrypt keyslot", "mode", json_type_string);

 	jobj_direction = json_contains(cd, jobj_keyslot, "", "reencrypt keyslot", "direction", json_type_string);

-	if (!jobj_mode || !jobj_direction)

+	if (!jobj_mode || !jobj_direction || !jobj_key_size)

 		return -EINVAL;

+	if (!validate_json_uint32(jobj_key_size) || crypt_jobj_get_uint32(jobj_key_size) != 1) {

+		log_dbg(cd, "Illegal reencrypt key size.");

+		return -EINVAL;

+	}

+

 	mode = json_object_get_string(jobj_mode);

 	type = json_object_get_string(jobj_type);

 	direction = json_object_get_string(jobj_direction);

-- 

2.27.0