diff --git a/0003-Check-segment-gaps-regardless-of-heap-space.patch b/0003-Check-segment-gaps-regardless-of-heap-space.patch new file mode 100644 index 0000000000000000000000000000000000000000..98895090facb1b0dc463616981b0184f6aee8b50 --- /dev/null +++ b/0003-Check-segment-gaps-regardless-of-heap-space.patch @@ -0,0 +1,61 @@ +From e8e71e43c3ff2dca951d30af48708bcb411e47d2 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Mon, 24 Aug 2020 19:21:43 +0200 +Subject: [PATCH 3/5] Check segment gaps regardless of heap space. + +Segments are validated in hdr_validate_segments. Gaps in segment keys +are detected when collecting offsets. But if an invalid segment is very +large, larger than count, it could happen that cryptsetup is unable to +allocate enough memory, not giving a clue about what actually is the +problem. + +Therefore check for gaps even if not enough memory is available. This +gives much more information with debug output enabled. + +Obviously cryptsetup still fails if segments are perfectly fine but not +enough RAM available. But at that stage, the user knows that it's the +fault of the system, not of an invalid segment. +--- + lib/luks2/luks2_json_metadata.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c +index e346067..e4e1424 100644 +--- a/lib/luks2/luks2_json_metadata.c ++++ b/lib/luks2/luks2_json_metadata.c +@@ -679,11 +679,10 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) + if (first_backup < 0) + first_backup = count; + +- intervals = malloc(first_backup * sizeof(*intervals)); +- if (!intervals) { +- log_dbg(cd, "Not enough memory."); +- return 1; +- } ++ if (first_backup <= count && (size_t)first_backup < SIZE_MAX / sizeof(*intervals)) ++ intervals = malloc(first_backup * sizeof(*intervals)); ++ else ++ intervals = NULL; + + for (i = 0; i < first_backup; i++) { + jobj = json_segments_get_segment(jobj_segments, i); +@@ -692,8 +691,14 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) + free(intervals); + return 1; + } +- intervals[i].offset = json_segment_get_offset(jobj, 0); +- intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX; ++ if (intervals != NULL) { ++ intervals[i].offset = json_segment_get_offset(jobj, 0); ++ intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX; ++ } ++ } ++ if (intervals == NULL) { ++ log_dbg(cd, "Not enough memory."); ++ return 1; + } + + r = !validate_segment_intervals(cd, first_backup, intervals); +-- +1.8.3.1 + diff --git a/0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch b/0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch new file mode 100644 index 0000000000000000000000000000000000000000..c0f11da09dded39108809e4d4663fccf63752601 --- /dev/null +++ b/0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch @@ -0,0 +1,31 @@ +From 88b2d1af10922e0defb3eeacac6bb03aab9cbd60 Mon Sep 17 00:00:00 2001 +From: Ondrej Kozina +Date: Thu, 27 Aug 2020 12:12:13 +0200 +Subject: [PATCH 4/5] Fix posible buffer overflows in LUKS conversion. + +cipher[31] and cipher_mode[31] buffers were passed to +crypt_parse_name_and_mode() routine where sscanf(s, "%31[^-]-%31s", +cipher, cipher_mode) was called. + +In corner case it could cause terminating 0 byte written beyond +respective arrays. +--- + lib/luks2/luks2_luks1_convert.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c +index 603c44d..9b70df1 100644 +--- a/lib/luks2/luks2_luks1_convert.c ++++ b/lib/luks2/luks2_luks1_convert.c +@@ -675,7 +675,7 @@ static int keyslot_LUKS1_compatible(struct crypt_device *cd, struct luks2_hdr *h + int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct luks_phdr *hdr1) + { + size_t buf_size, buf_offset; +- char cipher[LUKS_CIPHERNAME_L-1], cipher_mode[LUKS_CIPHERMODE_L-1]; ++ char cipher[LUKS_CIPHERNAME_L], cipher_mode[LUKS_CIPHERMODE_L]; + char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE]; + const char *hash; + size_t len; +-- +1.8.3.1 + diff --git a/0005-Fix-a-memleak-in-blockwise-test.patch b/0005-Fix-a-memleak-in-blockwise-test.patch new file mode 100644 index 0000000000000000000000000000000000000000..d821e7e15b52354f1d0c44112a0f305ec9ce4ec2 --- /dev/null +++ b/0005-Fix-a-memleak-in-blockwise-test.patch @@ -0,0 +1,25 @@ +From fa57d76de233e22afd79e81c98a741c23dae3498 Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Sat, 29 Aug 2020 12:21:32 +0200 +Subject: [PATCH 5/5] Fix a memleak in blockwise test. + +--- + tests/unit-utils-io.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/unit-utils-io.c b/tests/unit-utils-io.c +index ff5be52..9e59234 100644 +--- a/tests/unit-utils-io.c ++++ b/tests/unit-utils-io.c +@@ -99,7 +99,7 @@ static int test_write_buffer(void) + if (ret < 0) + goto out; + +- return (size_t) ret == test_length ? 0 : -EIO; ++ ret = (size_t) ret == test_length ? 0 : -EIO; + out: + if (fd >= 0) + close(fd); +-- +1.8.3.1 + diff --git a/cryptsetup.spec b/cryptsetup.spec index 6e8b572c86fdfb1aad517c9b53617a4a1d8368ee..b9e7faad59dcf5c257e859cf96e34f4f304108f7 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -1,6 +1,6 @@ Name: cryptsetup Version: 2.3.3 -Release: 1 +Release: 2 Summary: Utility used to conveniently set up disk encryption License: GPLv2+ and LGPLv2+ URL: https://gitlab.com/cryptsetup/cryptsetup @@ -8,6 +8,9 @@ Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{ve Patch1: 0001-cryptsetup-add-system-library-paths.patch Patch2: 0002-fix-compat-test.patch +Patch3: 0003-Check-segment-gaps-regardless-of-heap-space.patch +Patch4: 0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch +Patch5: 0005-Fix-a-memleak-in-blockwise-test.patch BuildRequires: openssl-devel, popt-devel, device-mapper-devel, git BuildRequires: libuuid-devel, json-c-devel, libargon2-devel, libpwquality-devel, libblkid-devel @@ -107,6 +110,9 @@ This contains man files for the using of cryptsetup. %{_mandir}/man8/* %changelog +* Fri Oct 30 2020 Zhiqiang Liu - 2.3.3-2 +- backport upstream patches to solve several problems -epoch2 + * Sat Jul 18 2020 Ruijun Ge - 2.3.3-1 - update to 2.3.3 version