cryptenroll: refuse reading a key longer than 4 MiB
authorLennart Poettering <lennart@amutable.com>
Mon, 22 Jun 2026 12:27:02 +0000 (14:27 +0200)
committerLennart Poettering <lennart@amutable.com>
Sat, 27 Jun 2026 15:28:39 +0000 (17:28 +0200)
If we open this up to external processes, let's tighten the rules and refuse
to read more than 4 MiB as a key; after all, this is locked memory.

src/cryptenroll/cryptenroll-password.c

index 595279c80d6b8f0b98d1c07505e1304f36451f73..22b64e3229aba7c2428f7aa25fd48469e4f63287 100644 (file)
@@ -55,8 +55,8 @@ int load_volume_key_keyfile(
                         AT_FDCWD,
                         c->unlock_keyfile,
                         UINT64_MAX,
-                        SIZE_MAX,
-                        READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET,
+                        4U * U64_MB, /* safety net */
+                        READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET|READ_FULL_FILE_FAIL_WHEN_LARGER,
                         NULL,
                         &password,
                         &password_len);
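Review bot: The new size argument `4U * U64_MB, /* safety net */` is a bare literal whose rationale exists only in the commit message. Because the flags include READ_FULL_FILE_CONNECT_SOCKET, this bound is what limits how much memory a socket peer or an oversized file can make the process hold for the key, and the commit message notes that this is locked memory. I would state that at the call site, e.g. `/* key may come from a socket peer and is kept in locked memory: refuse anything above 4 MiB */`, and preferably name the limit as a constant so other key-loading paths can share it. With READ_FULL_FILE_FAIL_WHEN_LARGER, an oversized keyfile now makes the call fail instead of being read in full; the error handling after the call is outside this hunk, so check that the user sees a message naming the size limit (presumably for an -E2BIG return) rather than a generic read failure. load_volume_key_keyfile() begins and ends outside the hunk.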