git.ipfire.org Git - thirdparty/systemd.git/commit

author	Vitaly Kuznetsov <vkuznets@redhat.com>
	Thu, 30 Apr 2026 14:44:39 +0000 (16:44 +0200)
committer	Vitaly Kuznetsov <vkuznets@redhat.com>
	Mon, 4 May 2026 10:22:03 +0000 (12:22 +0200)
commit	bd9971cd25f452e164e6c5af798a73d16aadbbd9
tree	c0e63dce0e5dedba202a9ba955042d54e09c10f7	tree \| snapshot
parent	4b35847aa3395890986bf5f93236160e0cfd9f8f	commit \| diff

cryptsetup: avoid a segfault when a keyfile is passed along with a TPM device

When a keyfile is passed with tpm2-device=, e.g.,

systemd-cryptsetup attach test_data /vol /my-pass tpm2-device=auto

the logic in attach_luks_or_plain_or_bitlk_by_tpm2() tries to process it as a
TPM blob first. This did not work properly because it passes n_blobs=1 to
acquire_tpm2_key(), and the key_file is only read when n_blobs == 0. As a
result, the code ends up calling tpm2_unseal(..., blobs=NULL, n_blobs=1, ...).

Before commit 5c6aad9 ("cryptsetup-tokens: Print tpm2-primary-alg: only when it
is known"), the segfault was not observed because tpm2_unseal() was bailing out
early when primary_alg == 0. However, after that change, it attempts to process
the blob (which is NULL) and crashes.

Fix this logic by passing n_blobs=0 to acquire_tpm2_key() so that it actually
reads the key_file. Additionally, assert 'blobs' in tpm2_unseal() as a
safeguard.

Fixes #41867

src/cryptsetup/cryptsetup.c		diff \| blob \| blame \| history
src/shared/tpm2-util.c		diff \| blob \| blame \| history