In drivers/block/loop.c, we see in function transfer_xor()
*out++ = *in++ ^ key[(i & 511) % keysize];
If keysize is zero, bad things happen. (Getting a zero keysize is
trivial: 'losetup -e XOR /dev/loop0 crud' and just hit enter at the
'Password:' prompt. Then, for example, putting a filesystem on it
will crash the machine.
Here is a 'patch' to prevent this:
--- loop.c.orig Sat May 22 17:59:40 1999
+++ loop.c Sat May 22 18:02:15 1999
@@ -504,6 +504,8 @@
if ((unsigned int) info.lo_encrypt_key_size > LO_KEY_SIZE)
return -EINVAL;
type = info.lo_encrypt_type;
+ if (info.lo_encrypt_key_size == 0 && type == LO_CRYPT_XOR)
+ return -EINVAL;
if (type >= MAX_LO_CRYPT || xfer_funcs[type] == NULL)
return -EINVAL;
err = loop_release_xfer(lo);
Or, does someone think the transfer function should somehow deal with
a zero size key?
Question: Where is the implementation for the 'real' crypto on the
loop device? (eg. DES)
Paul
set@pobox.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/