From: Lennart Poettering <lennart@amutable.com>
Date: Mon, 22 Jun 2026 12:27:02 +0000 (+0200)
Subject: cryptenroll: refuse reading a key longer than 4 MiB
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47dc8abf8bed3983a9c5003669f7b5fb03b58f03;p=thirdparty%2Fsystemd.git

cryptenroll: refuse reading a key longer than 4 MiB

If we open this up to external processes let's tighten rules and refuse
reading more than 4 MiB as key, after all this is locked memory.
---

diff --git a/src/cryptenroll/cryptenroll-password.c b/src/cryptenroll/cryptenroll-password.c
index 595279c80d6..22b64e3229a 100644
--- a/src/cryptenroll/cryptenroll-password.c
+++ b/src/cryptenroll/cryptenroll-password.c
@@ -55,8 +55,8 @@ int load_volume_key_keyfile(
                         AT_FDCWD,
                         c->unlock_keyfile,
                         UINT64_MAX,
-                        SIZE_MAX,
-                        READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET,
+                        4U * U64_MB, /* safety net */
+                        READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET|READ_FULL_FILE_FAIL_WHEN_LARGER,
                         NULL,
                         &password,
                         &password_len);