From 371a8f1183f2696b1a58e410d89ff131cfc830a7 Mon Sep 17 00:00:00 2001
From: Vladimir 'phcoder' Serbinenko
Date: Sun, 24 Apr 2011 17:50:22 +0200
Subject: [PATCH] Fix a potential buffer overflow

---
 grub-core/disk/luks.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
index 7c39002b8..3f98dfc87 100644
--- a/grub-core/disk/luks.c
+++ b/grub-core/disk/luks.c
@@ -32,7 +32,6 @@ GRUB_MOD_LICENSE ("GPLv3+");
 #define MAX_PASSPHRASE 256
 #define LUKS_KEY_ENABLED 0x00AC71F3
-#define LUKS_STRIPES 4000
 /* On disk LUKS header */
 struct grub_luks_phdr
@@ -301,10 +300,16 @@ luks_recover_key (grub_cryptodisk_t dev, const struct grub_luks_phdr *header,
   unsigned i;
   grub_size_t length;
   grub_err_t err;
+  grub_size_t max_stripes = 1;
   grub_printf ("Attempting to decrypt master key...\n");
-  split_key = grub_malloc (keysize * LUKS_STRIPES);
+  for (i = 0; i < ARRAY_SIZE (header->keyblock); i++)
+    if (grub_be_to_cpu32 (header->keyblock[i].active) == LUKS_KEY_ENABLED
+        && grub_be_to_cpu32 (header->keyblock[i].stripes) > max_stripes)
+      max_stripes = grub_be_to_cpu32 (header->keyblock[i].stripes);
+
+    split_key = grub_malloc (keysize * max_stripes);
   if (!split_key)
     return grub_errno;
@@ -351,8 +356,7 @@ luks_recover_key (grub_cryptodisk_t dev, const struct grub_luks_phdr *header,
       return grub_crypto_gcry_error (gcry_err);
     }
-      length = (grub_be_to_cpu32 (header->keyBytes)
-                * grub_be_to_cpu32 (header->keyblock[i].stripes));
+      length = (keysize * grub_be_to_cpu32 (header->keyblock[i].stripes));
       /* Read and decrypt the key material from the disk. */
       err = grub_disk_read (source,
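Review bot: The allocation size `keysize * max_stripes` in the second hunk of luks_recover_key is still an unchecked product of two header-controlled values, and on a 32-bit `grub_size_t` a large `stripes` field in any active key slot can wrap it so that `grub_malloc` returns a buffer smaller than the `length` computed in the third hunk and read into `split_key`. Before the `grub_malloc` call, reject the header when `keysize == 0 || max_stripes > ((grub_size_t) -1) / keysize` (or cap `stripes` at a documented upper bound when scanning the slots) rather than relying on the multiply. The safety of the later read also depends on the decryption loop, which starts outside these hunks, visiting only slots whose `active` field is `LUKS_KEY_ENABLED`; if it iterates inactive slots too, a slot with a larger stripes count would exceed the buffer, so a comment such as `/* max_stripes covers every slot the loop below may read; both filter on LUKS_KEY_ENABLED */` at the `max_stripes` declaration would make that invariant explicit.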