Master key not erased?

Hi!

Yesterday, I wrote that I had looked into the cryptsetup code and now
that I looked into the SVN version, it looks like that potential
SIGSEGV was already corrected in Nov 2007. :-)

I think I spotted another problem: when deleting a key and a
confirmation is asked for that opens another key, that other key is
not erased with LUKS_dealloc_masterkey().  Maybe I don't understand
the internals well enough, but at first sight it looks like something
is missing.  Maybe someone could have a look.  That would be in setup.c
in function luks_remove_helper, and my proposed patch looks like this:

Index: setup.c
===================================================================
--- setup.c     (revision 46)
+++ setup.c     (working copy)
@@ -649,6 +649,10 @@
                        r = -EINVAL; goto out;
                }
                openedIndex = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend);
+               if (openedIndex >= 0) {
+                       LUKS_dealloc_masterkey(mk);
+                       mk= NULL;
+               }
                if(openedIndex < 0 || keyIndex == openedIndex) {
                             options->icb->log(CRYPT_LOG_ERROR,"No remaining key available with this passphrase.\n");
                            r = -EPERM; goto out;
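
Review bot: the new `if (openedIndex >= 0)` block releases mk only on the path that falls through this one call, so whether the master key is wiped on every exit still depends on code outside the hunk. The surrounding lines already use `goto out`, so consider initialising mk to NULL and calling LUKS_dealloc_masterkey(mk) once at the out label under a NULL check, which would cover the error exits as well. Please also confirm that nothing later in luks_remove_helper reads mk after this point, and that LUKS_open_any_key leaves no allocated mk behind when it returns a negative index; neither is visible in these lines. Style: `mk= NULL;` should be `mk = NULL;`.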

Bye,
  Henrik

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx

