summaryrefslogtreecommitdiffstats
path: root/lib/luks2/luks2_keyslot.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/luks2/luks2_keyslot.c')
-rw-r--r--lib/luks2/luks2_keyslot.c35
1 files changed, 22 insertions, 13 deletions
diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c
index 5cf4b83..40816eb 100644
--- a/lib/luks2/luks2_keyslot.c
+++ b/lib/luks2/luks2_keyslot.c
@@ -1,8 +1,8 @@
/*
* LUKS - Linux Unified Key Setup v2, keyslot handling
*
- * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2023 Milan Broz
+ * Copyright (C) 2015-2024 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2024 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -578,6 +578,8 @@ int LUKS2_keyslot_open(struct crypt_device *cd,
int r_prio, r = -EINVAL;
hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
+ if (!hdr)
+ return -EINVAL;
if (keyslot == CRYPT_ANY_SLOT) {
r_prio = LUKS2_keyslot_open_priority(cd, hdr, CRYPT_SLOT_PRIORITY_PREFER,
@@ -676,8 +678,7 @@ int LUKS2_keyslot_store(struct crypt_device *cd,
int LUKS2_keyslot_wipe(struct crypt_device *cd,
struct luks2_hdr *hdr,
- int keyslot,
- int wipe_area_only)
+ int keyslot)
{
struct device *device = crypt_metadata_device(cd);
uint64_t area_offset, area_length;
@@ -694,9 +695,6 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd,
if (!jobj_keyslot)
return -ENOENT;
- if (wipe_area_only)
- log_dbg(cd, "Wiping keyslot %d area only.", keyslot);
-
r = LUKS2_device_write_lock(cd, hdr, device);
if (r)
return r;
@@ -720,9 +718,6 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd,
}
}
- if (wipe_area_only)
- goto out;
-
/* Slot specific wipe */
if (h) {
r = h->wipe(cd, keyslot);
@@ -803,6 +798,9 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
return -EINVAL;
jobj_keyslot = json_object_new_object();
+ if (!jobj_keyslot)
+ return -ENOMEM;
+
json_object_object_add(jobj_keyslot, "type", json_object_new_string("placeholder"));
/*
* key_size = -1 makes placeholder keyslot impossible to pass validation.
@@ -813,11 +811,19 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
/* Area object */
jobj_area = json_object_new_object();
+ if (!jobj_area) {
+ json_object_put(jobj_keyslot);
+ return -ENOMEM;
+ }
+
json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
json_object_object_add(jobj_keyslot, "area", jobj_area);
- json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);
+ if (json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot)) {
+ json_object_put(jobj_keyslot);
+ return -EINVAL;
+ }
return 0;
}
@@ -899,7 +905,7 @@ int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj)
return 0;
}
-void LUKS2_keyslots_repair(struct crypt_device *cd, json_object *jobj_keyslots)
+void LUKS2_keyslots_repair(struct crypt_device *cd __attribute__((unused)), json_object *jobj_keyslots)
{
const keyslot_handler *h;
json_object *jobj_type;
@@ -964,14 +970,17 @@ int LUKS2_keyslot_swap(struct crypt_device *cd, struct luks2_hdr *hdr,
json_object_object_del_by_uint(jobj_keyslots, keyslot);
r = json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot2);
if (r < 0) {
+ json_object_put(jobj_keyslot2);
log_dbg(cd, "Failed to swap keyslot %d.", keyslot);
return r;
}
json_object_object_del_by_uint(jobj_keyslots, keyslot2);
r = json_object_object_add_by_uint(jobj_keyslots, keyslot2, jobj_keyslot);
- if (r < 0)
+ if (r < 0) {
+ json_object_put(jobj_keyslot);
log_dbg(cd, "Failed to swap keyslot2 %d.", keyslot2);
+ }
return r;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-07 03:23:56 +0000