summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2022-04-01 17:01:29 +0200
committerYu Watanabe <watanabe.yu+github@gmail.com>2022-04-02 02:22:39 +0900
commitbd4dea76de6355778079ba4945846324cef2a043 (patch)
tree736100db3104c7f08a8344fa0e5f7586f4d7e125 /src
parent95cd21928fae6e1806176cd56853cc1e490607ff (diff)
downloadsystemd-bd4dea76de6355778079ba4945846324cef2a043.tar.gz
veritysetup: fix memory corruption
We must copy the option string, since in one case we are called with a pointer into dynamic memory that will be freed by the caller. As discussed here: https://github.com/systemd/systemd/pull/22908/files#r839394490 Follow-up for: #22908
Diffstat (limited to 'src')
-rw-r--r--src/veritysetup/veritysetup.c16
1 files changed, 11 insertions, 5 deletions
diff --git a/src/veritysetup/veritysetup.c b/src/veritysetup/veritysetup.c
index 1d1baaa59d..ae497b02ee 100644
--- a/src/veritysetup/veritysetup.c
+++ b/src/veritysetup/veritysetup.c
@@ -17,7 +17,9 @@
#include "terminal-util.h"
static uint32_t arg_activate_flags = CRYPT_ACTIVATE_READONLY;
-static const char *arg_root_hash_signature = NULL;
+static char *arg_root_hash_signature = NULL;
+
+STATIC_DESTRUCTOR_REGISTER(arg_root_hash_signature, freep);
static int help(void) {
_cleanup_free_ char *link = NULL;
@@ -39,13 +41,17 @@ static int help(void) {
}
static int save_roothashsig_option(const char *option, bool strict) {
+ int r;
if (path_is_absolute(option) || startswith(option, "base64:")) {
if (!HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY)
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"Activation of verity device with signature requested, but cryptsetup does not support crypt_activate_by_signed_key().");
- arg_root_hash_signature = option;
+ r = free_and_strdup_warn(&arg_root_hash_signature, option);
+ if (r < 0)
+ return r;
+
return true;
}
@@ -60,10 +66,10 @@ static int parse_options(const char *options) {
int r;
/* backward compatibility with the obsolete ROOTHASHSIG positional argument */
- r = save_roothashsig_option(options, false);
+ r = save_roothashsig_option(options, /* strict= */ false);
if (r < 0)
return r;
- if (r == 1) {
+ if (r > 0) {
log_warning("Usage of ROOTHASHSIG positional argument is deprecated. "
"Please use the option root-hash-signature=%s instead.", options);
return 0;
@@ -99,7 +105,7 @@ static int parse_options(const char *options) {
arg_activate_flags |= CRYPT_ACTIVATE_PANIC_ON_CORRUPTION;
#endif
else if ((val = startswith(word, "root-hash-signature="))) {
- r = save_roothashsig_option(val, true);
+ r = save_roothashsig_option(val, /* strict= */ true);
if (r < 0)
return r;