1. Patchew
  2. QEMU
  3. [PULL 00/20] Crypto and I/O patches
  4. View patch

[PULL 13/20] crypto: validate that LUKS payload doesn't overlap with header

Daniel P. Berrangé posted 20 patches 3 years, 3 months ago
Maintainers: "Daniel P. Berrangé" <berrange@redhat.com>
[PULL 13/20] crypto: validate that LUKS payload doesn't overlap with header
Posted by Daniel P. Berrangé 3 years, 3 months ago 
We already validate that LUKS keyslots don't overlap with the
header, or with each other. This closes the remaining hole in
validation of LUKS file regions.

Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 crypto/block-luks.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 6ef9a89ffa..f22bc63e54 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -572,6 +572,13 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
         return -1;
     }
 
+    if (luks->header.payload_offset_sector <
+        DIV_ROUND_UP(QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET,
+                     QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) {
+        error_setg(errp, "LUKS payload is overlapping with the header");
+        return -1;
+    }
+
     /* Check all keyslots for corruption  */
     for (i = 0 ; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS ; i++) {
 
-- 
2.37.3

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.