loopaesOpen uses random key length when operating on binary data

therealromster / cryptsetup

Automatically exported from code.google.com/p/cryptsetup

GNU General Public License v2.0

0 stars 0 forks source link

loopaesOpen uses random key length when operating on binary data #153

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

See
https://bugzilla.novell.com/show_bug.cgi?id=810269

loopaesOpen doesn't refuse to operate on binary data.

in loopaes.c, line 166 the strlen will then return a random length
(even longer than the buffer!) if the binary key data happen to not
include \0:
    key_len = key_index ? strlen(keys[0]) : 0;

Original issue reported on code.google.com by ludwig.n...@suse.de on 20 Mar 2013 at 10:28

GoogleCodeExporter commented 9 years ago

But this is not valid loopsaes keyfile? (If so, I think I never supported such 
keyfiles.)

But yes, it should be more resilient to wrong input and definitely not read 
memory outside of loaded keyfile.
Thanks for report!

Original comment by gmazyl...@gmail.com on 20 Mar 2013 at 5:35

GoogleCodeExporter commented 9 years ago

Fixed in commit
http://code.google.com/p/cryptsetup/source/detail?r=330007beb2fcad539d0f9fd25098
6e96c018304f#

Thanks.

Original comment by gmazyl...@gmail.com on 23 Mar 2013 at 5:39

Changed state: Fixed