Diffstat (limited to 'debian/patches/ask-password-prevent-buffer-overflow-when-reading-from-ke.patch')
-rw-r--r--debian/patches/ask-password-prevent-buffer-overflow-when-reading-from-ke.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/debian/patches/ask-password-prevent-buffer-overflow-when-reading-from-ke.patch b/debian/patches/ask-password-prevent-buffer-overflow-when-reading-from-ke.patch
new file mode 100644
index 0000000..dc46353
--- /dev/null
+++ b/debian/patches/ask-password-prevent-buffer-overflow-when-reading-from-ke.patch
@@ -0,0 +1,32 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 27 Jun 2019 15:02:40 +0200
+Subject: ask-password: prevent buffer overflow when reading from keyring
+
+When we read from keyring, a temporary buffer is allocated in order to
+determine the size needed for the entire data. However, when zeroing that area,
+we use the data size returned by the read instead of the lesser size allocate
+for the buffer.
+
+That will cause memory corruption that causes systemd-cryptsetup to crash
+either when a single large password is used or when multiple passwords have
+already been pushed to the keyring.
+
+Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
+(cherry picked from commit 59c55e73eaee345e1ee67c23eace8895ed499693)
+---
+ src/shared/ask-password-api.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
+index 072bf72..97a800f 100644
+--- a/src/shared/ask-password-api.c
++++ b/src/shared/ask-password-api.c
+@@ -81,7 +81,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
+ if (n < m)
+ break;
+
+- explicit_bzero_safe(p, n);
++ explicit_bzero_safe(p, m);
+ free(p);
+ m *= 2;
+ }
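Review bot: The corrected `explicit_bzero_safe(p, m)` call in retrieve_key() has no comment explaining why the wipe length is the allocation size rather than the read result, which is the detail that was wrong before and is easy to reintroduce in a later cleanup. I would add above it `/* the keyring read returns the full data size, which can exceed the m bytes allocated; wipe only our buffer */`. Separately, the retry path grows the buffer with `m *= 2` although, per the patch description, the read already reports the size needed; sizing the next allocation from `n` would presumably reach the right size in one retry and leave fewer temporary copies of the secret to allocate and wipe. The function starts and ends outside the hunk, so the types of `n` and `m` and the read call itself are not visible here.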