Re: dm-crypt accepts '+' in the key
From: Alexey Dobriyan
Date: Sun Nov 13 2016 - 17:36:41 EST
On Sun, Nov 13, 2016 at 03:45:27PM +0100, Milan Broz wrote:
> On 11/12/2016 09:20 PM, Mikulas Patocka wrote:
> > Hi
> >
> > dm-crypt uses the function kstrtou8 to decode the encryption key. kstrtou8
> > calls kstrtoull and kstrtoull skips the first character if it is '+'.
> >
> > Consequently, it is possible to load keys with '+' in them. For example,
> > this is possible:
> >
> > dmsetup create cr --table "0 131072 crypt aes-cbc-essiv:sha256 +0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0+0 0 /dev/debian/tmptest 0"
> >
> > Should this be fixed in dm-crypt or in kstrtou8? A fix in kstrtou8 could
> > be more appropriate, but we don't know how many other kernel parts depend
> > on this "skip plus" behavior...
>
> I would say it should be checked in both places...
> For dmcrypt, it should validate the input here and should
> not accept anything in the key field of the dm table that is not in hexadecimal representation.
>
> (Is this a regression since the code switched from simple_strtoul to kstrtou8,
> or was this bug always there?)
Well, before, the kernel would silently parse anything broken as "0".
But since it is base-16, "0[xX]" will be accepted before every byte.
dm-crypt should parse the key by hand, frankly.
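To show the gap the thread is about, here is a strict two-hex-digits-per-byte decoder beside a lenient one that feeds each byte through a general base-16 converter. This is an added example, not dm-crypt's code or anything posted in the thread; it assumes userspace strtoul() as a stand-in for the kernel's kstrtou8(), which matches it only in the one property discussed here, skipping a leading '+'.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static int hex_nibble(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;            /* anything else, including '+', 'x', ' ' */
}

/* Strict decoder: exactly two hex digits per byte, nothing else.
 * Returns the number of bytes written, or -1 on malformed input. */
int decode_hex_key_strict(const char *hex, uint8_t *out, size_t out_max)
{
    size_t len = strlen(hex), i;
    if (len == 0 || len % 2 || len / 2 > out_max)
        return -1;
    for (i = 0; i < len; i += 2) {
        int hi = hex_nibble((unsigned char)hex[i]);
        int lo = hex_nibble((unsigned char)hex[i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i / 2] = (uint8_t)(hi << 4 | lo);
    }
    return (int)(len / 2);
}

/* Lenient decoder in the style the thread describes: two characters at a
 * time through a general-purpose base-16 converter. strtoul(), like the
 * kernel's kstrtou8(), skips a leading '+', so "+0" decodes as 0x00. */
int decode_hex_key_lenient(const char *hex, uint8_t *out, size_t out_max)
{
    size_t len = strlen(hex), i;
    char buf[3] = { 0 };
    if (len == 0 || len % 2 || len / 2 > out_max)
        return -1;
    for (i = 0; i < len; i += 2) {
        char *end; unsigned long v;
        buf[0] = hex[i];
        buf[1] = hex[i + 1];
        v = strtoul(buf, &end, 16);   /* accepts "+0"; a hand parser would not */
        if (end == buf || *end != '\0' || v > 0xff)
            return -1;
        out[i / 2] = (uint8_t)v;
    }
    return (int)(len / 2);
}
```

The strict decoder rejects the "+0+0..." key from the dm table in the thread outright, while the lenient one silently turns it into an all-zero key.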