|
 |
f3fc18 |
From dc86950fff020688a17b6ff0dbfea7bdb0d8f1b9 Mon Sep 17 00:00:00 2001
|
|
|
f3fc18 |
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
|
f3fc18 |
Date: Tue, 10 Jan 2023 08:39:11 +0000
|
|
|
f3fc18 |
Subject: [PATCH] luks: Avoid crash when image does not contain a LUKS header
|
|
|
f3fc18 |
|
|
|
f3fc18 |
We attempt to load the LUKS header in the prepare() callback. If this
|
|
|
f3fc18 |
fails, h->h will be NULL and we'll crash in close() when we attempt to
|
|
|
f3fc18 |
access and free h->h->masterkey.
|
|
|
f3fc18 |
|
|
|
f3fc18 |
This crash could have been triggered another way: if open() followed
|
|
|
f3fc18 |
by close() was called, without prepare() or other callbacks.
|
|
|
f3fc18 |
|
|
|
f3fc18 |
Reported-by: Ming Xie
|
|
|
f3fc18 |
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2159581
|
|
|
f3fc18 |
(cherry picked from commit cad4b96b17ed4ad7882100efa0d9073ac9d8b11c)
|
|
|
f3fc18 |
---
|
|
|
f3fc18 |
filters/luks/luks-encryption.c | 10 ++++++----
|
|
|
f3fc18 |
1 file changed, 6 insertions(+), 4 deletions(-)
|
|
|
f3fc18 |
|
|
|
f3fc18 |
diff --git a/filters/luks/luks-encryption.c b/filters/luks/luks-encryption.c
|
|
|
f3fc18 |
index 26f81e7b..6f33e76e 100644
|
|
|
f3fc18 |
--- a/filters/luks/luks-encryption.c
|
|
|
f3fc18 |
+++ b/filters/luks/luks-encryption.c
|
|
|
f3fc18 |
@@ -856,11 +856,13 @@ load_header (nbdkit_next *next, const char *passphrase)
|
|
|
f3fc18 |
void
|
|
|
f3fc18 |
free_luks_data (struct luks_data *h)
|
|
|
f3fc18 |
{
|
|
|
f3fc18 |
- if (h->masterkey) {
|
|
|
f3fc18 |
- memset (h->masterkey, 0, h->phdr.master_key_len);
|
|
|
f3fc18 |
- free (h->masterkey);
|
|
|
f3fc18 |
+ if (h) {
|
|
|
f3fc18 |
+ if (h->masterkey) {
|
|
|
f3fc18 |
+ memset (h->masterkey, 0, h->phdr.master_key_len);
|
|
|
f3fc18 |
+ free (h->masterkey);
|
|
|
f3fc18 |
+ }
|
|
|
f3fc18 |
+ free (h);
|
|
|
f3fc18 |
}
|
|
|
f3fc18 |
- free (h);
|
|
|
f3fc18 |
}
|
|
|
f3fc18 |
|
|
|
f3fc18 |
uint64_t
|
|
|
f3fc18 |
--
|
|
|
f3fc18 |
2.31.1
|
|
|
f3fc18 |
|