LinuxLists.cc - [PATCH] dm-crypt: fix incorrect use of strcmp when telling if there is no key

2022-11-07 12:49:37

Subject: [PATCH] dm-crypt: fix incorrect use of strcmp when telling if there is no key

strcmp returns 0 when two strings are equal.

Fixes: 69a8cfcda210 ("dm crypt: set key size early")
Signed-off-by: Coiby Xu <[email protected]>
---
drivers/md/dm-crypt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 159c6806c19b..cfefe0f18150 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2590,7 +2590,7 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
int key_string_len = strlen(key);

/* Hyphen (which gives a key_size of zero) means there is no key. */
- if (!cc->key_size && strcmp(key, "-"))
+ if (!cc->key_size && !strcmp(key, "-"))
goto out;

/* ':' means the key is in kernel keyring, short-circuit normal key processing */
--
2.38.1

2022-11-08 16:09:16

by Milan Broz

[permalink] [raw]

Subject: Re: [dm-devel] [PATCH] dm-crypt: fix incorrect use of strcmp when telling if there is no key

On 11/7/22 13:22, Coiby Xu wrote:
> strcmp returns 0 when two strings are equal.
>
> Fixes: 69a8cfcda210 ("dm crypt: set key size early")
> Signed-off-by: Coiby Xu <[email protected]>
> ---
> drivers/md/dm-crypt.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
> index 159c6806c19b..cfefe0f18150 100644
> --- a/drivers/md/dm-crypt.c
> +++ b/drivers/md/dm-crypt.c
> @@ -2590,7 +2590,7 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
> int key_string_len = strlen(key);
>
> /* Hyphen (which gives a key_size of zero) means there is no key. */
> - if (!cc->key_size && strcmp(key, "-"))
> + if (!cc->key_size && !strcmp(key, "-"))
> goto out;

NACK. The code is correct.

The comment is a little bit misleading - it actually says that "-" is valid here.

If key_size is 0 (see above: key_size = strlen(key) >> 1;) and key
is NOT "-" (empty key) return error.

Key "-" is a valid key, means no key used (used for null cipher).

Try this with and without your patch (it uses null cipher that takes no key):

dmsetup create test --table "0 8 crypt cipher_null-ecb - 0 /dev/sdb 0"

With your patch it no longer works.

Please, run cryptsetup testsuite before sending patches, tests/mode-tests fails
immediately with your patch!

Thanks,
Milan