Re: [RFC PATCH 2/2] dm-crypt: Use any key type which is registered

From: James Bottomley
Date: Sat Jan 18 2020 - 12:55:38 EST


On Fri, 2019-03-01 at 17:09 +0100, Franck LENORMAND wrote:
> @@ -2025,16 +2027,15 @@ static int crypt_set_keyring_key(struct
> crypt_config *cc, const char *key_string
> if (!key_desc || key_desc == key_string || !strlen(key_desc
> + 1))
> return -EINVAL;
>
> - if (strncmp(key_string, "logon:", key_desc - key_string + 1)
> &&
> - strncmp(key_string, "user:", key_desc - key_string + 1))
> - return -EINVAL;
> + type = get_key_type(key_string, key_desc - key_string);
> + if (!type)
> + return -ENOENT;
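Review bot: the `if (!type)` test after `get_key_type()` only shows that the prefix names a registered key type; nothing in this hunk still restricts the key to a type whose payload has the layout the rest of crypt_set_keyring_key() reads. Keep an explicit list of supported types here, or dispatch to a per-type payload reader and return -EINVAL for any type without one. The error for an unsupported prefix also changes from -EINVAL to -ENOENT, which is worth stating in the commit message.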

You can't do this. This check ensures that the key responds correctly
to user_key_payload_locked() lower down. To do that, the payload has
to be in a specific form. You ensured that yours are, but dm-crypt
will now accept any key type, load the user payload blindly and create
all sorts of mayhem in the kernel because of the structural differences
in payload types.

James
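
The payload-layout point above, modelled in userspace C as an added example (not code from the patch or from dm-crypt; every struct and function name is a hypothetical stand-in, and the sample keys are constructed):

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Userspace model; every name here is hypothetical, not kernel code. */
struct model_user_payload {          /* layout shared by "user" and "logon" */
    unsigned short datalen;
    unsigned char data[32];
};
struct model_other_payload {         /* some other key type's private layout */
    const void *ops;
    unsigned int flags;
};
struct model_key {
    const char *type;                /* name of the registered key type */
    const void *payload;             /* opaque: layout depends on type */
};

/* Only these types are known to carry a model_user_payload. */
static int type_has_user_layout(const char *type)
{
    return !strcmp(type, "logon") || !strcmp(type, "user");
}

/* Copy the volume key out of a key; 0 on success, -EINVAL if rejected. */
static int load_volume_key(const struct model_key *key,
                           unsigned char *out, size_t key_size)
{
    const struct model_user_payload *ukp;

    if (!type_has_user_layout(key->type))
        return -EINVAL;              /* the guard that makes the cast valid */
    ukp = key->payload;
    if (ukp->datalen != key_size || key_size > sizeof(ukp->data))
        return -EINVAL;              /* length must match the requested size */
    memcpy(out, ukp->data, key_size);
    return 0;
}

int main(void)
{
    struct model_user_payload up = { 4, "abcd" };   /* constructed sample */
    struct model_other_payload op = { NULL, 7 };    /* constructed sample */
    struct model_key good = { "logon", &up }, bad = { "other", &op };
    unsigned char out[4] = { 0 };
    printf("logon: %d\n", load_volume_key(&good, out, sizeof(out)));
    printf("other: %d\n", load_volume_key(&bad, out, sizeof(out)));
    return 0;
}
```

Without the type guard, the second call would interpret a `model_other_payload` as a `model_user_payload` and read a length and key bytes from unrelated fields.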