[PATCH v2 2/9] luks: Fix out-of-bounds copy of UUID
From: Patrick Steinhardt
Subject: [PATCH v2 2/9] luks: Fix out-of-bounds copy of UUID
Date: Wed, 26 Aug 2020 10:13:29 +0200
When configuring a LUKS disk, we copy over the UUID from the LUKS header
into the new `grub_cryptodisk_t` structure via `grub_memcpy ()`. As size
we mistakenly use the size of the `grub_cryptodisk_t` UUID field, which
is guaranteed to be strictly bigger than the LUKS UUID field we're
copying. As a result, the copy always goes out-of-bounds and copies some
garbage from other surrounding fields. During runtime, this isn't
noticed due to the fact that we always NUL-terminate the UUID and thus
never hit the trailing garbage.
Fix the issue by using the size of the local stripped UUID field.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
---
grub-core/disk/luks.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
index 6ae162601..59702067a 100644
--- a/grub-core/disk/luks.c
+++ b/grub-core/disk/luks.c
@@ -95,6 +95,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
|| grub_be_to_cpu16 (header.version) != 1)
return NULL;
+ grub_memset (uuid, 0, sizeof (uuid));
optr = uuid;
for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)];
iptr++)
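Review bot: the added `grub_memset (uuid, 0, sizeof (uuid));` ahead of `optr = uuid;` is not explained by the commit message, which only describes the length change. It looks necessary because the copy in the next hunk now takes all `sizeof (uuid)` bytes, including anything after the terminator written by the stripping loop, so without the memset uninitialized bytes of the local buffer would end up in `newdev->uuid`. Please state that in the commit message or in a short comment above the memset so the line is not dropped later as redundant.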
@@ -125,7 +126,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
newdev->source_disk = NULL;
newdev->log_sector_size = 9;
newdev->total_length = grub_disk_get_size (disk) - newdev->offset;
- grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid));
+ grub_memcpy (newdev->uuid, uuid, sizeof (uuid));
newdev->modname = "luks";
/* Configure the hash used for the AF splitter and HMAC. */
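Review bot: with `sizeof (uuid)` as the length in `grub_memcpy (newdev->uuid, uuid, sizeof (uuid));`, the copy is only safe while the local `uuid` is no larger than `newdev->uuid`, and nothing in the hunk enforces that relation. Consider a compile-time assertion on the two sizes next to the copy so a later change to either buffer cannot turn this into an overflow of the destination. The bytes of `newdev->uuid` past `sizeof (uuid)` are also no longer written here, so it is worth confirming that `newdev` is zero-initialized when it is allocated, which is not visible in this hunk.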
--
2.28.0