grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v5 0/2] luks2: Fix decoding of digests and salts with escaped cha


From: Patrick Steinhardt
Subject: [PATCH v5 0/2] luks2: Fix decoding of digests and salts with escaped chars
Date: Mon, 11 Jul 2022 12:44:50 +0200

Hi,

this is the fifth version of my patch series which fixes decoding of
digests and salts in LUKS2 headers in case they happen to contain
escaped characters. While modern cryptsetup versions in fact don't
escape any characters part of the Base64 alphabet, old versions of
cryptsetup did this until v2.0.2.

Changes compared to v4 include mostly style-related fixes pointed out by
Daniel. Please refer to the range-diff below.

Patrick

Patrick Steinhardt (2):
  json: Add function to unescape JSON-encoded strings
  luks2: Fix decoding of digests and salts with escaped chars

 grub-core/disk/luks2.c    |  28 +++++++--
 grub-core/lib/json/json.c | 118 ++++++++++++++++++++++++++++++++++++++
 grub-core/lib/json/json.h |  12 ++++
 3 files changed, 154 insertions(+), 4 deletions(-)

Range-diff against v4:
1:  c2233323a ! 1:  ebab6b092 json: Add function to unescape JSON-encoded 
strings
    @@ grub-core/lib/json/json.c: grub_json_getint64 (grub_int64_t *out, const 
grub_jso
     +  grub_size_t inpos, resultpos;
     +  char *result;
     +
    -+  if (!out || !outlen)
    -+    return grub_error (GRUB_ERR_BAD_ARGUMENT, "Output parameters are not 
set");
    ++  if (out == NULL || outlen == NULL)
    ++    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("output parameters are 
not set"));
     +
     +  result = grub_calloc (1, inlen + 1);
    -+  if (!result)
    ++  if (result == NULL)
     +    return GRUB_ERR_OUT_OF_MEMORY;
     +
     +  for (inpos = resultpos = 0; inpos < inlen; inpos++)
    @@ grub-core/lib/json/json.c: grub_json_getint64 (grub_int64_t *out, const 
grub_jso
     +    inpos++;
     +    if (inpos >= inlen)
     +      {
    -+        ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Expected escaped 
character");
    ++        ret = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("expected escaped 
character"));
     +        goto err;
     +      }
     +
     +    switch (in[inpos])
     +      {
     +        case '"':
    -+          result[resultpos++] = '"'; break;
    ++          result[resultpos++] = '"';
    ++          break;
    ++
     +        case '/':
    -+          result[resultpos++] = '/'; break;
    ++          result[resultpos++] = '/';
    ++          break;
    ++
     +        case '\\':
    -+          result[resultpos++] = '\\'; break;
    ++          result[resultpos++] = '\\';
    ++          break;
    ++
     +        case 'b':
    -+          result[resultpos++] = '\b'; break;
    ++          result[resultpos++] = '\b';
    ++          break;
    ++
     +        case 'f':
    -+          result[resultpos++] = '\f'; break;
    ++          result[resultpos++] = '\f';
    ++          break;
    ++
     +        case 'r':
    -+          result[resultpos++] = '\r'; break;
    ++          result[resultpos++] = '\r';
    ++          break;
    ++
     +        case 'n':
    -+          result[resultpos++] = '\n'; break;
    ++          result[resultpos++] = '\n';
    ++          break;
    ++
     +        case 't':
    -+          result[resultpos++] = '\t'; break;
    ++          result[resultpos++] = '\t';
    ++          break;
    ++
     +        case 'u':
     +          {
    -+            unsigned char values[4] = {0};
    -+            int i;
    ++            char values[4] = {0};
    ++            unsigned i;
     +
     +            inpos++;
     +            if (inpos + ARRAY_SIZE(values) > inlen)
     +              {
    -+                ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Unicode 
sequence too short");
    ++                ret = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("unicode 
sequence too short"));
     +                goto err;
     +              }
     +
    -+            for (i = 0; i < 4; i++)
    ++            for (i = 0; i < ARRAY_SIZE(values); i++)
     +              {
     +                char c = in[inpos++];
     +
    @@ grub-core/lib/json/json.c: grub_json_getint64 (grub_int64_t *out, const 
grub_jso
     +                else
     +                  {
     +                    ret = grub_error (GRUB_ERR_BAD_ARGUMENT,
    -+                                      "Unicode sequence with invalid 
character '%c'", c);
    ++                                      N_("unicode sequence with invalid 
character '%c'"), c);
     +                    goto err;
     +                  }
     +              }
    @@ grub-core/lib/json/json.c: grub_json_getint64 (grub_int64_t *out, const 
grub_jso
     +
     +            break;
     +          }
    ++
     +        default:
    -+          ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Unrecognized escaped 
character '%c'", in[inpos]);
    ++          ret = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("unrecognized 
escaped character '%c'"), in[inpos]);
     +          goto err;
     +      }
     +  }
    @@ grub-core/lib/json/json.c: grub_json_getint64 (grub_int64_t *out, const 
grub_jso
     +  *out = result;
     +  *outlen = resultpos;
     +
    -+err:
    ++ err:
     +  if (ret != GRUB_ERR_NONE)
     +    grub_free (result);
     +
2:  84370adba ! 2:  60ccd669d luks2: Fix decoding of digests and salts with 
escaped chars
    @@ grub-core/disk/luks2.c: luks2_scan (grub_disk_t disk, 
grub_cryptomount_args_t ca
     +  bool successful;
     +
     +  if (grub_json_unescape (&unescaped, &unescaped_len, in, inlen) != 
GRUB_ERR_NONE)
    -+    return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not unescape Base64 
string");
    ++    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("could not unescape 
Base64 string"));
     +
    -+  successful = base64_decode (unescaped, (size_t)unescaped_len, (char 
*)decoded, decodedlen);
    ++  successful = base64_decode (unescaped, (grub_size_t) unescaped_len, 
(char *) decoded, decodedlen);
     +  grub_free (unescaped);
     +  if (!successful)
    -+    return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not decode Base64 
string");
    ++    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("could not decode Base64 
string"));
     +
     +  return GRUB_ERR_NONE;
     +}
-- 
2.37.0

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]