diff options
author | Lennart Poettering <lennart@poettering.net> | 2019-12-17 18:39:53 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2019-12-17 18:54:00 +0100 |
commit | 12f69587e97361b5eedaff4ad0a68843dc45219c (patch) | |
tree | 99efc99f1f3943fd87574e3502352979e1f2e44f /src/cryptsetup/cryptsetup-pkcs11.c | |
parent | 2ccf0ff6e8cdeca63ae25e6714bc14defc4df5a2 (diff) | |
download | systemd-12f69587e97361b5eedaff4ad0a68843dc45219c.tar.gz |
cryptsetup-pkcs11: refuse keys above 16MiB size
Diffstat (limited to 'src/cryptsetup/cryptsetup-pkcs11.c')
-rw-r--r-- | src/cryptsetup/cryptsetup-pkcs11.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/cryptsetup/cryptsetup-pkcs11.c b/src/cryptsetup/cryptsetup-pkcs11.c index c259a766d7..5c4d3acc97 100644 --- a/src/cryptsetup/cryptsetup-pkcs11.c +++ b/src/cryptsetup/cryptsetup-pkcs11.c @@ -12,12 +12,15 @@ #include "cryptsetup-pkcs11.h" #include "escape.h" #include "fd-util.h" +#include "format-util.h" #include "macro.h" #include "memory-util.h" #include "pkcs11-util.h" #include "stat-util.h" #include "strv.h" +#define KEY_FILE_SIZE_MAX (16U*1024U*1024U) /* 16 MiB */ + static int load_key_file( const char *key_file, size_t key_file_size, @@ -50,8 +53,13 @@ static int load_key_file( if (st.st_size == 0) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Key file is empty, refusing."); - if ((uint64_t) st.st_size > SIZE_MAX) - return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Key file too large, refusing."); + if ((uint64_t) st.st_size > KEY_FILE_SIZE_MAX) { + char buf1[FORMAT_BYTES_MAX], buf2[FORMAT_BYTES_MAX]; + return log_error_errno(SYNTHETIC_ERRNO(ERANGE), + "Key file larger (%s) than allowed maximum size (%s), refusing.", + format_bytes(buf1, sizeof(buf1), st.st_size), + format_bytes(buf2, sizeof(buf2), KEY_FILE_SIZE_MAX)); + } if (key_file_offset >= (uint64_t) st.st_size) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Key file offset too large for file, refusing."); |