From: Zbigniew Jędrzejewski-Szmek Date: Mon, 10 May 2021 13:04:10 +0000 (+0200) Subject: cryptsetup: fix flags check X-Git-Tag: v249-rc1~248^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F19562%2Fhead;p=thirdparty%2Fsystemd.git cryptsetup: fix flags check FLAGS_SET() checks if *all* the bits are set. In this case we want to check if *any* are. FLAGS_SET() was added in cde2f8605e0c3842f9a87785dd758f955f2d04ba, but not a bug then yet, because with just one bit, both options are equivalent. But when more bits were added later, this stopped being correct. --- diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 5ae2aaa0603..ca6bdecb863 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -772,7 +772,7 @@ static int attach_luks_or_plain_or_bitlk_by_fido2( if (r < 0) return r; - if (FLAGS_SET(required, FIDO2ENROLL_PIN | FIDO2ENROLL_UP | FIDO2ENROLL_UV) && arg_headless) + if ((required & (FIDO2ENROLL_PIN | FIDO2ENROLL_UP | FIDO2ENROLL_UV)) && arg_headless) return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "Local verification is required to unlock this volume, but the 'headless' parameter was set.");