From 871f35af85315a06b7157d85976acb45434eeeaa Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 10 Jun 2021 10:21:08 +0200 Subject: [PATCH] cryptsetup: improve error message when key files to load are too large Let's make this easier to grok for users. Prompted-by: #19193 --- src/cryptsetup/cryptsetup-keyfile.c | 6 ++++++ src/cryptsetup/cryptsetup.c | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/src/cryptsetup/cryptsetup-keyfile.c b/src/cryptsetup/cryptsetup-keyfile.c index 55c1442ed6e..924555d262f 100644 --- a/src/cryptsetup/cryptsetup-keyfile.c +++ b/src/cryptsetup/cryptsetup-keyfile.c @@ -26,6 +26,8 @@ int find_key_file( READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET, bindname, (char**) ret_key, ret_key_size); + if (r == -E2BIG) + return log_error_errno(r, "Key file '%s' too large.", key_file); if (r < 0) return log_error_errno(r, "Failed to load key file '%s': %m", key_file); @@ -46,6 +48,10 @@ int find_key_file( (char**) ret_key, ret_key_size); if (r >= 0) return 1; + if (r == -E2BIG) { + log_warning_errno(r, "Key file '%s' too large, ignoring.", key_file); + continue; + } if (r != -ENOENT) return log_error_errno(r, "Failed to load key file '%s': %m", key_file); } diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 89b8377ea6d..64a7f5bc375 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -1261,6 +1261,10 @@ static int attach_luks_or_plain_or_bitlk_by_key_file( READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET, bindname, &kfdata, &kfsize); + if (r == -E2BIG) { + log_error_errno(r, "Failed to activate, key file '%s' too large.", key_file); + return -EAGAIN; + } if (r == -ENOENT) { log_error_errno(r, "Failed to activate, key file '%s' missing.", key_file); return -EAGAIN; /* Log actual error, but return EAGAIN */ -- 2.47.3