| Message ID | 20220906084147.1423045-6-berrange@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | crypto: improve robustness of LUKS metadata validation | expand |
diff --git a/crypto/block-luks.c b/crypto/block-luks.c index f22bc63e54..e6ee8506b2 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -602,7 +602,7 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp) return -1; } - if (start1 < DIV_ROUND_UP(sizeof(QCryptoBlockLUKSHeader), + if (start1 < DIV_ROUND_UP(QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) { error_setg(errp, "Keyslot %zu is overlapping with the LUKS header",
The LUKS header data on disk is a fixed size, however, there's expected to be a gap between the end of the header and the first key slot to get alignment with the 2nd sector on 4k drives. This wasn't originally part of the LUKS spec, but was always part of the reference implementation, so it is worth validating this. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- crypto/block-luks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)