author | Kees Cook <keescook@chromium.org> | 2012-07-31 18:14:18 -0700 |
committer | Gerrit <chrome-bot@google.com> | 2012-08-01 10:57:46 -0700 |
commit | a8fae24b25d23753973a37ef47373291d674b775 (patch) | |
tree | 900518ff81a6bc4ac6e3dd74bad95969d3dd893d | |
parent | af44dce1e80ebd818770b906a328423762389753 (diff) | |
mount-encrypted: fix some minor security TODOs
Force mode of created key file to 0600, and make sure there is enough
room in the decryption buffer for any possible change to the decryption
algo.
BUG=None
TEST=alex build, manual testing
Change-Id: I89dceec22683ff66b5e1f61a63f14a1db1c4e2ee
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/28892
Reviewed-by: Elly Jones <ellyjones@chromium.org>
-rw-r--r-- | utility/mount-helpers.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/utility/mount-helpers.c b/utility/mount-helpers.c
index 1abbb934..927adb11 100644
--- a/utility/mount-helpers.c
+++ b/utility/mount-helpers.c
@@ -553,7 +553,7 @@ char *keyfile_read(const char *keyfile, uint8_t *system_key)
 		g_error_free(error);
 		goto out;
 	}
-	plain = malloc(length);
+	plain = malloc(length + EVP_CIPHER_block_size(algo));
 	if (!plain) {
 		PERROR("malloc");
 		goto free_cipher;
@@ -565,7 +565,6 @@ char *keyfile_read(const char *keyfile, uint8_t *system_key)
 		SSL_ERROR("EVP_DecryptInit");
 		goto free_plain;
 	}
-	/* TODO(keescook): this is a heap overflow -- file size not checked. */
 	if (!EVP_DecryptUpdate(&ctx, plain, &plain_length, cipher, length)) {
 		SSL_ERROR("EVP_DecryptUpdate");
 		goto free_ctx;
@@ -607,8 +606,12 @@ int keyfile_write(const char *keyfile, uint8_t *system_key, char *string)
 	GError *error = NULL;
 	EVP_CIPHER_CTX ctx;
 	const EVP_CIPHER *algo = EVP_aes_256_cbc();
+	mode_t mask;
 	DEBUG("Staring to process keyfile %s", keyfile);
+	/* Have key file be read/write only by root user. */
+	mask = umask(0077);
+
 	if (EVP_CIPHER_key_length(algo) != DIGEST_LENGTH) {
 		ERROR("cipher key size mismatch (got %d, want %d)",
 		      EVP_CIPHER_key_length(algo), DIGEST_LENGTH);
@@ -659,7 +662,6 @@ int keyfile_write(const char *keyfile, uint8_t *system_key, char *string)
 	length = cipher_length + final_len;
 	DEBUG("Writing %zu bytes to %s", length, keyfile);
-	/* TODO(keescook): replace this with a mode-400 writer. */
 	if (!g_file_set_contents(keyfile, (gchar *)cipher, length, &error)) {
 		ERROR("Unable to write %s: %s", keyfile, error->message);
 		g_error_free(error);
@@ -673,6 +675,7 @@ free_ctx:
 free_cipher:
 	free(cipher);
 out:
+	umask(mask);
 	DEBUG("keyfile write rc:%d", rc);
 	return rc;
 }
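Review bot: The enlarged malloc in the -553 hunk of keyfile_read covers the extra block EVP_DecryptUpdate may emit, but `length` itself is still never bounded: it is whatever the preceding file read produced (the g_error_free/goto out lines suggest a GLib read, so presumably a gsize) and is passed unchecked both to malloc() here and to EVP_DecryptUpdate() in the -565 hunk, whose input-length parameter is an `int`, so an oversized keyfile would be silently narrowed there. A sanity bound before the allocation would close the gap the removed TODO described, e.g. `if (length > KEYFILE_MAX_BYTES /* placeholder: pick a bound */) { ERROR("keyfile %s too large", keyfile); goto free_cipher; }`. keyfile_read's body begins and ends outside these hunks, so I cannot see whether a bound is applied at the read site.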
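Review bot: In the -607 hunk of keyfile_write the `umask(0077)` is process-wide and is only restored at `out:` in the -673 hunk, so the tightening depends on every exit between the two points, including the EVP_CIPHER_key_length mismatch branch whose goto is outside this hunk, reaching that label rather than returning directly; worth confirming. umask governs only the mode of files the process creates from here on, not their ownership, and it tightens an already-existing keyfile only because g_file_set_contents writes a temporary file and renames it into place (as I recall of GLib; confirm for the version in use). A comment stating that expectation next to the call would make the reasoning checkable later, e.g. `/* 0077 masks g_file_set_contents()'s 0666 default down to 0600; restored at out: */`. keyfile_write's body begins before this hunk.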