teknoraver / rpms / systemd

Forked from rpms/systemd 2 months ago
Clone

Blame SOURCES/0051-cryptsetup-generator-allow-whitespace-characters-in-.patch

36e8a3
From 2a4d58bb2ab9ba5487785cc167932440a4f0c13d Mon Sep 17 00:00:00 2001
36e8a3
From: Michal Sekletar <msekleta@redhat.com>
36e8a3
Date: Tue, 4 Sep 2018 20:03:34 +0200
36e8a3
Subject: [PATCH] cryptsetup-generator: allow whitespace characters in keydev
36e8a3
 specification
36e8a3
36e8a3
For example, <luks.uuid>=/keyfile:LABEL="KEYFILE FS" previously wouldn't
36e8a3
work, because we truncated label at the first whitespace character,
36e8a3
i.e. LABEL="KEYFILE".
36e8a3
36e8a3
(cherry-picked from commit 7949dfa73a44ae6524779689483d12243dfbcfdf)
36e8a3
36e8a3
Related: #1656869
36e8a3
---
36e8a3
 src/cryptsetup/cryptsetup-generator.c | 64 ++++++++++++++++++---------
36e8a3
 1 file changed, 43 insertions(+), 21 deletions(-)
36e8a3
36e8a3
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
36e8a3
index 03c513c26..52c126272 100644
36e8a3
--- a/src/cryptsetup/cryptsetup-generator.c
36e8a3
+++ b/src/cryptsetup/cryptsetup-generator.c
36e8a3
@@ -5,11 +5,13 @@
36e8a3
 
36e8a3
 #include "alloc-util.h"
36e8a3
 #include "dropin.h"
36e8a3
+#include "escape.h"
36e8a3
 #include "fd-util.h"
36e8a3
 #include "fileio.h"
36e8a3
 #include "fstab-util.h"
36e8a3
 #include "generator.h"
36e8a3
 #include "hashmap.h"
36e8a3
+#include "id128-util.h"
36e8a3
 #include "log.h"
36e8a3
 #include "mkdir.h"
36e8a3
 #include "parse-util.h"
36e8a3
@@ -39,7 +41,7 @@ static char *arg_default_options = NULL;
36e8a3
 static char *arg_default_keyfile = NULL;
36e8a3
 
36e8a3
 static int generate_keydev_mount(const char *name, const char *keydev, char **unit, char **mount) {
36e8a3
-        _cleanup_free_ char *u = NULL, *what = NULL, *where = NULL;
36e8a3
+        _cleanup_free_ char *u = NULL, *what = NULL, *where = NULL, *name_escaped = NULL;
36e8a3
         _cleanup_fclose_ FILE *f = NULL;
36e8a3
         int r;
36e8a3
 
36e8a3
@@ -56,7 +58,11 @@ static int generate_keydev_mount(const char *name, const char *keydev, char **un
36e8a3
         if (r < 0 && errno != EEXIST)
36e8a3
                 return -errno;
36e8a3
 
36e8a3
-        where = strjoin("/run/systemd/cryptsetup/keydev-", name);
36e8a3
+        name_escaped = cescape(name);
36e8a3
+        if (!name_escaped)
36e8a3
+                return -ENOMEM;
36e8a3
+
36e8a3
+        where = strjoin("/run/systemd/cryptsetup/keydev-", name_escaped);
36e8a3
         if (!where)
36e8a3
                 return -ENOMEM;
36e8a3
 
36e8a3
@@ -386,36 +392,52 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
36e8a3
                         return log_oom();
36e8a3
 
36e8a3
         } else if (streq(key, "luks.key")) {
36e8a3
+                size_t n;
36e8a3
+                _cleanup_free_ char *keyfile = NULL, *keydev = NULL;
36e8a3
+                char *c;
36e8a3
+                const char *keyspec;
36e8a3
 
36e8a3
                 if (proc_cmdline_value_missing(key, value))
36e8a3
                         return 0;
36e8a3
 
36e8a3
-                r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
36e8a3
-                if (r == 2) {
36e8a3
-                        char *c;
36e8a3
-                        _cleanup_free_ char *keyfile = NULL, *keydev = NULL;
36e8a3
+                n = strspn(value, LETTERS DIGITS "-");
36e8a3
+                if (value[n] != '=') {
36e8a3
+                        if (free_and_strdup(&arg_default_keyfile, value) < 0)
36e8a3
+                                 return log_oom();
36e8a3
+                        return 0;
36e8a3
+                }
36e8a3
 
36e8a3
-                        d = get_crypto_device(uuid);
36e8a3
-                        if (!d)
36e8a3
-                                return log_oom();
36e8a3
+                uuid = strndup(value, n);
36e8a3
+                if (!uuid)
36e8a3
+                        return log_oom();
36e8a3
 
36e8a3
-                        c = strrchr(uuid_value, ':');
36e8a3
-                        if (!c)
36e8a3
-                                /* No keydev specified */
36e8a3
-                                return free_and_replace(d->keyfile, uuid_value);
36e8a3
+                if (!id128_is_valid(uuid)) {
36e8a3
+                        log_warning("Failed to parse luks.key= kernel command line switch. UUID is invalid, ignoring.");
36e8a3
+                        return 0;
36e8a3
+                }
36e8a3
+
36e8a3
+                d = get_crypto_device(uuid);
36e8a3
+                if (!d)
36e8a3
+                        return log_oom();
36e8a3
 
36e8a3
-                        *c = '\0';
36e8a3
-                        keyfile = strdup(uuid_value);
36e8a3
-                        keydev = strdup(++c);
36e8a3
+                keyspec = value + n + 1;
36e8a3
+                c = strrchr(keyspec, ':');
36e8a3
+                if (c) {
36e8a3
+                         *c = '\0';
36e8a3
+                        keyfile = strdup(keyspec);
36e8a3
+                        keydev = strdup(c + 1);
36e8a3
 
36e8a3
                         if (!keyfile || !keydev)
36e8a3
                                 return log_oom();
36e8a3
+                } else {
36e8a3
+                        /* No keydev specified */
36e8a3
+                        keyfile = strdup(keyspec);
36e8a3
+                        if (!keyfile)
36e8a3
+                                return log_oom();
36e8a3
+                }
36e8a3
 
36e8a3
-                        free_and_replace(d->keyfile, keyfile);
36e8a3
-                        free_and_replace(d->keydev, keydev);
36e8a3
-                } else if (free_and_strdup(&arg_default_keyfile, value) < 0)
36e8a3
-                        return log_oom();
36e8a3
-
36e8a3
+                free_and_replace(d->keyfile, keyfile);
36e8a3
+                free_and_replace(d->keydev, keydev);
36e8a3
         } else if (streq(key, "luks.name")) {
36e8a3
 
36e8a3
                 if (proc_cmdline_value_missing(key, value))