Commit 027c431c authored by Ondrej Kozina's avatar Ondrej Kozina Committed by Mike Snitzer

dm crypt: reject key strings containing whitespace chars

Unfortunately key_string may theoretically contain whitespace even after
it's processed by dm_split_args().  The reason for this is DM core
supports escaping of almost all chars including any whitespace.

If userspace passes a key to the kernel in format ":32:logon:my_prefix:my\ key"
dm-crypt will look up key "my_prefix:my key" in kernel keyring service.
So far everything's fine.

Unfortunately if userspace later calls DM_TABLE_STATUS ioctl, it will not
receive back expected ":32:logon:my_prefix:my\ key" but the unescaped version
instead.  Also userpace (most notably cryptsetup) is not ready to parse
single target argument containing (even escaped) whitespace chars and any
whitespace is simply taken as delimiter of another argument.

This effect is mitigated by the fact libdevmapper curently performs
double escaping of '\' char.  Any user input in format "x\ x" is
transformed into "x\\ x" before being passed to the kernel.  Nonetheless
dm-crypt may be used without libdevmapper.  Therefore the near-term
solution to this is to reject any key string containing whitespace.
Signed-off-by: default avatarOndrej Kozina <okozina@redhat.com>
Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
parent b446396b
...@@ -24,6 +24,7 @@ ...@@ -24,6 +24,7 @@
#include <linux/atomic.h> #include <linux/atomic.h>
#include <linux/scatterlist.h> #include <linux/scatterlist.h>
#include <linux/rbtree.h> #include <linux/rbtree.h>
#include <linux/ctype.h>
#include <asm/page.h> #include <asm/page.h>
#include <asm/unaligned.h> #include <asm/unaligned.h>
#include <crypto/hash.h> #include <crypto/hash.h>
...@@ -1489,6 +1490,14 @@ static int crypt_setkey(struct crypt_config *cc) ...@@ -1489,6 +1490,14 @@ static int crypt_setkey(struct crypt_config *cc)
#ifdef CONFIG_KEYS #ifdef CONFIG_KEYS
static bool contains_whitespace(const char *str)
{
while (*str)
if (isspace(*str++))
return true;
return false;
}
static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string) static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string)
{ {
char *new_key_string, *key_desc; char *new_key_string, *key_desc;
...@@ -1496,6 +1505,15 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string ...@@ -1496,6 +1505,15 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
struct key *key; struct key *key;
const struct user_key_payload *ukp; const struct user_key_payload *ukp;
/*
* Reject key_string with whitespace. dm core currently lacks code for
* proper whitespace escaping in arguments on DM_TABLE_STATUS path.
*/
if (contains_whitespace(key_string)) {
DMERR("whitespace chars not allowed in key string");
return -EINVAL;
}
/* look for next ':' separating key_type from key_description */ /* look for next ':' separating key_type from key_description */
key_desc = strpbrk(key_string, ":"); key_desc = strpbrk(key_string, ":");
if (!key_desc || key_desc == key_string || !strlen(key_desc + 1)) if (!key_desc || key_desc == key_string || !strlen(key_desc + 1))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment