diff options
| author | Martin Pitt <martin.pitt@ubuntu.com> | 2010-04-07 08:12:42 +0200 |
|---|---|---|
| committer | Martin Pitt <martin.pitt@ubuntu.com> | 2010-04-07 08:12:42 +0200 |
| commit | 0fcc7cb3b66f23fac53ae08647aa0007a2bd56c4 (patch) | |
| tree | b9269f89f701fc5dd0ffe9b45f76c61f712a169c | |
| parent | 20434375cf9244a33f40c15bbb59431923de1c43 (diff) | |
Bug 27494 — publicly exports dm key information
Change udisks-dm-export to only export UDISKS_DM_TARGETS_PARAMS for "linear"
types. It is the only one we care about for now and know how to interpret.
"crypto" types have information about the encryption key in the target
parameters, which we must not leak.
Also add appropriate comments to the two places which currently evaluate
UDISKS_DM_TARGETS_PARAMS.
| -rw-r--r-- | src/device.c | 2 | ||||
| -rw-r--r-- | src/probers/part-id.c | 2 | ||||
| -rw-r--r-- | src/probers/udisks-dm-export.c | 5 |
3 files changed, 8 insertions, 1 deletions
diff --git a/src/device.c b/src/device.c index bac971d..12cab7c 100644 --- a/src/device.c +++ b/src/device.c @@ -3333,12 +3333,14 @@ update_info_partition_on_linux_dmmp (Device *device) dm_name = g_udev_device_get_property (device->priv->d, "DM_NAME"); if (dm_name == NULL) goto out; targets_type = g_udev_device_get_property_as_strv (device->priv->d, "UDISKS_DM_TARGETS_TYPE"); + /* If we ever need this for other types than "linear", remember to update + udisks-dm-export.c as well. */ if (targets_type == NULL || g_strcmp0 (targets_type[0], "linear") != 0) goto out; targets_params = g_udev_device_get_property_as_strv (device->priv->d, "UDISKS_DM_TARGETS_PARAMS"); if (targets_params == NULL) goto out; diff --git a/src/probers/part-id.c b/src/probers/part-id.c index b61ea07..306eb44 100644 --- a/src/probers/part-id.c +++ b/src/probers/part-id.c @@ -243,12 +243,14 @@ get_part_table_device_file (struct udev_device *given_device, if (encoded_targets_params == NULL) encoded_targets_params = udev_device_get_property_value (given_device, "UDISKS_DM_TARGETS_PARAMS"); //g_printerr ("targets_type=`%s'\n", targets_type); //g_printerr ("encoded_targets_params=`%s'\n", encoded_targets_params); + /* If we ever need this for other types than "linear", remember to update + udisks-dm-export.c as well. */ if (g_strcmp0 (targets_type, "linear") == 0) { gint partition_slave_major; gint partition_slave_minor; guint64 offset_sectors; gchar *targets_params; diff --git a/src/probers/udisks-dm-export.c b/src/probers/udisks-dm-export.c index b950c32..8fff4f9 100644 --- a/src/probers/udisks-dm-export.c +++ b/src/probers/udisks-dm-export.c @@ -284,13 +284,16 @@ dm_export (int major, int minor) next = dm_get_next_target (dmt, next, &start, &length, &target_type, ¶ms); if (target_type != NULL) { g_string_append (target_types_str, target_type); g_string_append_printf (start_str, "%" G_GUINT64_FORMAT, start); g_string_append_printf (length_str, "%" G_GUINT64_FORMAT, length); - if (params != NULL && strlen (params) > 0) + /* Set target_params for known-safe and known-needed target types only. In particular, + * we must not export it for "crypto", since that would expose + * information about the key. */ + if (g_strcmp0 (target_type, "linear") == 0 && params != NULL && strlen (params) > 0) { _udev_util_encode_string (params, buf, sizeof (buf)); g_string_append (params_str, buf); } } |