]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0089a46)
cryptenroll: refuse reading a key longer than 4 MiB
authorLennart Poettering <lennart@amutable.com>
Mon, 22 Jun 2026 12:27:02 +0000 (14:27 +0200)
committerLennart Poettering <lennart@amutable.com>
Sat, 27 Jun 2026 15:28:39 +0000 (17:28 +0200)
If we open this up to external processes let's tighten rules and refuse
reading more than 4 MiB as key, after all this is locked memory.

src/cryptenroll/cryptenroll-password.c patch | blob | blame | history

diff --git a/src/cryptenroll/cryptenroll-password.c b/src/cryptenroll/cryptenroll-password.c
index 595279c80d6b8f0b98d1c07505e1304f36451f73..22b64e3229aba7c2428f7aa25fd48469e4f63287 100644 (file)
--- a/src/cryptenroll/cryptenroll-password.c
+++ b/src/cryptenroll/cryptenroll-password.c
@@ -55,8 +55,8 @@ int load_volume_key_keyfile(
                         AT_FDCWD,
                         c->unlock_keyfile,
                         UINT64_MAX,
-                        SIZE_MAX,
-                        READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET,
+                        4U * U64_MB, /* safety net */
+                        READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET|READ_FULL_FILE_FAIL_WHEN_LARGER,
                         NULL,
                         &password,
                         &password_len);
Unnamed repository; edit this file 'description' to name the repository.