dm crypt: reject key strings containing whitespace chars

Unfortunately key_string may theoretically contain whitespace even after it's processed by dm_split_args(). The reason for this is DM core supports escaping of almost all chars including any whitespace. If userspace passes a key to the kernel in format ":32:logon:my_prefix:my\ key" dm-crypt will look up key "my_prefix:my key" in kernel keyring service. So far everything's fine. Unfortunately if userspace later calls DM_TABLE_STATUS ioctl, it will not receive back expected ":32:logon:my_prefix:my\ key" but the unescaped version instead. Also userpace (most notably cryptsetup) is not ready to parse single target argument containing (even escaped) whitespace chars and any whitespace is simply taken as delimiter of another argument. This effect is mitigated by the fact libdevmapper curently performs double escaping of '\' char. Any user input in format "x\ x" is transformed into "x\\ x" before being passed to the kernel. Nonetheless dm-crypt may be used without libdevmapper. Therefore the near-term solution to this is to reject any key string containing whitespace. Signed-off-by: Ondrej Kozina <okozina@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
author: Ondrej Kozina <okozina@redhat.com> 2016-12-01 12:20:52 -0500
committer: Mike Snitzer <snitzer@redhat.com> 2016-12-08 14:13:16 -0500
commit: 027c431ccfcc89f7398d9f3e9bc2eb60e6cc57ad (patch)
tree: cd90793a833d9db7cd3d844eaacdf997e6c86ce5 /drivers/md/dm-crypt.c
parent: b446396b7482938c859bfaa42320026d158616ae (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index da0b2e05fdf1..9b99ee9a8690 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -24,6 +24,7 @@
 #include <linux/atomic.h>
 #include <linux/scatterlist.h>
 #include <linux/rbtree.h>
+#include <linux/ctype.h>
 #include <asm/page.h>
 #include <asm/unaligned.h>
 #include <crypto/hash.h>
@@ -1489,6 +1490,14 @@ static int crypt_setkey(struct crypt_config *cc)
 #ifdef CONFIG_KEYS
+static bool contains_whitespace(const char *str)
+{
+        while (*str)
+                if (isspace(*str++))
+                        return true;
+        return false;
+}
 static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string)
 {
        char *new_key_string, *key_desc;
@@ -1496,6 +1505,15 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
        struct key *key;
        const struct user_key_payload *ukp;
+        /*
+         * Reject key_string with whitespace. dm core currently lacks code for
+         * proper whitespace escaping in arguments on DM_TABLE_STATUS path.
+         */
+        if (contains_whitespace(key_string)) {
+                DMERR("whitespace chars not allowed in key string");
+                return -EINVAL;
+        }
        /* look for next ':' separating key_type from key_description */
        key_desc = strpbrk(key_string, ":");
        if (!key_desc || key_desc == key_string || !strlen(key_desc + 1))
author	Ondrej Kozina <okozina@redhat.com>	2016-12-01 12:20:52 -0500
committer	Mike Snitzer <snitzer@redhat.com>	2016-12-08 14:13:16 -0500
commit	027c431ccfcc89f7398d9f3e9bc2eb60e6cc57ad (patch)
tree	cd90793a833d9db7cd3d844eaacdf997e6c86ce5 /drivers/md/dm-crypt.c
parent	b446396b7482938c859bfaa42320026d158616ae (diff)