rpms/volume_key
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix a crash when trying to use passphrase encryption in FIPS mode

Browse Source
This commit is contained in:
Miloslav Trmač 2012-11-22 03:28:49 +01:00
parent 6b0d58e6c2
commit 48a54bccf9
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
volume_key-0.3.9-fips-crash.patch Normal file
View File

@ -0,0 +1,33 @@
This case can be triggered by encrypting in FIPS mode, where the default
algorithm is unsupported and gpg crashes in response.
diff --git a/lib/crypto.c b/lib/crypto.c
index 06eb482..905d583 100644
--- a/lib/crypto.c
+++ b/lib/crypto.c
@@ -709,6 +709,12 @@ encrypt_with_passphrase (size_t *res_size, const void *data, size_t size,
}
gpgme_data_release (src_data);
gpgme_res = gpgme_data_release_and_get_mem (dest_data, res_size);
+ if (gpgme_res == NULL)
+ {
+ g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_CRYPTO,
+ _("Unknown error getting encryption result"));
+ goto err_ctx;
+ }
res = g_memdup (gpgme_res, *res_size);
gpgme_free (gpgme_res);
@@ -759,6 +765,12 @@ decrypt_with_passphrase (size_t *res_size, const void *data, size_t size,
}
gpgme_data_release (src_data);
gpgme_res = gpgme_data_release_and_get_mem (dest_data, res_size);
+ if (gpgme_res == NULL)
+ {
+ g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_CRYPTO,
+ _("Unknown error getting decryption result"));
+ goto err_ctx;
+ }
res = g_memdup (gpgme_res, *res_size);
gpgme_free (gpgme_res);

9
volume_key.spec
View File

@ -3,13 +3,15 @@
Summary: An utility for manipulating storage encryption keys and passphrases
Name: volume_key
Version: 0.3.9
Release: 1%{?dist}
Release: 2%{?dist}
License: GPLv2
Group: Applications/System
URL: https://fedorahosted.org/volume_key/
Requires: volume_key-libs%{?_isa} = %{version}-%{release}
Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz
# Upstream commit 04991fe8c4f77c4e5c7874c2db8ca32fb4655f6e
Patch1: volume_key-0.3.9-fips-crash.patch
BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg
BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel
@ -75,6 +77,8 @@ for other formats is possible, some formats are planned for future releases.
%prep
%setup -q
%patch1 -p1 -b .fips-crash
%build
%configure
make %{?_smp_mflags}
@ -114,6 +118,9 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitearch}/volume_key.py*
%changelog
* Thu Nov 22 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.9-2
- Fix a crash when trying to use passphrase encryption in FIPS mode
* Sat Sep 22 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.9-1
- Update to volume_key-0.3.9