From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 20 Apr 2023 09:14:50 +0000 (+0200)
Subject: dissect: let's check for crypto_LUKS before fstype allowlist check
X-Git-Tag: v254-rc1~674
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=14ce246771a72c7e0e493375016030b0bcbc15fc;p=thirdparty%2Fsystemd.git

dissect: let's check for crypto_LUKS before fstype allowlist check

When trying to mount a partition that is encrypted without the
encryption first having been set up we want to return a
recognizable error (EUNATCH). This was broken by
80ce8580f5aa6b03fa13a0b3b30207bc9b5c5fe0 which added an allowlist check
for permissible file systems first. Let's reverse the check order, so
that we get EUNATCH again, as before. (And leave EIDRM as error for the
failed allowlist check).
---

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 45bed868cbc..b84ef464420 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -1907,11 +1907,6 @@ static int mount_partition(
 
         if (!fstype)
                 return -EAFNOSUPPORT;
-        r = dissect_fstype_ok(fstype);
-        if (r < 0)
-                return r;
-        if (!r)
-                return -EIDRM; /* Recognizable error */
 
         /* We are looking at an encrypted partition? This either means stacked encryption, or the caller
          * didn't call dissected_image_decrypt() beforehand. Let's return a recognizable error for this
@@ -1919,6 +1914,12 @@ static int mount_partition(
         if (streq(fstype, "crypto_LUKS"))
                 return -EUNATCH;
 
+        r = dissect_fstype_ok(fstype);
+        if (r < 0)
+                return r;
+        if (!r)
+                return -EIDRM; /* Recognizable error */
+
         rw = m->rw && !(flags & DISSECT_IMAGE_MOUNT_READ_ONLY);
 
         discard = ((flags & DISSECT_IMAGE_DISCARD) ||