From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 6 Apr 2021 09:45:54 +0000 (+0200)
Subject: recovery-key: add some extra asserts
X-Git-Tag: v249-rc1~471
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ff2cf6f8fe09efee492af164412f0fc771eddec9;p=thirdparty%2Fsystemd.git

recovery-key: add some extra asserts

Let's ensure our key sizes calculations are correct.

This doesn't actually change anything, just adds more safety checks.
Inspired by #19203, but not a fix.
---

diff --git a/src/basic/recovery-key.c b/src/basic/recovery-key.c
index a3c4500dff4..cad639a023b 100644
--- a/src/basic/recovery-key.c
+++ b/src/basic/recovery-key.c
@@ -74,6 +74,7 @@ int normalize_recovery_key(const char *password, char **ret) {
 int make_recovery_key(char **ret) {
         _cleanup_(erase_and_freep) char *formatted = NULL;
         _cleanup_(erase_and_freep) uint8_t *key = NULL;
+        size_t j = 0;
         int r;
 
         assert(ret);
@@ -91,7 +92,7 @@ int make_recovery_key(char **ret) {
         if (!formatted)
                 return -ENOMEM;
 
-        for (size_t i = 0, j = 0; i < RECOVERY_KEY_MODHEX_RAW_LENGTH; i++) {
+        for (size_t i = 0; i < RECOVERY_KEY_MODHEX_RAW_LENGTH; i++) {
                 formatted[j++] = modhex_alphabet[key[i] >> 4];
                 formatted[j++] = modhex_alphabet[key[i] & 0xF];
 
@@ -99,7 +100,9 @@ int make_recovery_key(char **ret) {
                         formatted[j++] = '-';
         }
 
-        formatted[RECOVERY_KEY_MODHEX_FORMATTED_LENGTH-1] = 0;
+        assert(j == RECOVERY_KEY_MODHEX_FORMATTED_LENGTH);
+        assert(formatted[RECOVERY_KEY_MODHEX_FORMATTED_LENGTH-1] == '-');
+        formatted[RECOVERY_KEY_MODHEX_FORMATTED_LENGTH-1] = 0; /* replace final dash with a NUL */
 
         *ret = TAKE_PTR(formatted);
         return 0;