Hi, this is the sixth version of my patch series which fixes decoding of digests and salts in LUKS2 headers in case they happen to contain escaped characters. While modern cryptsetup versions in fact don't escape any characters part of the Base64 alphabet, old versions of cryptsetup did this until v2.0.2.
There's only a single change compared to v5, which is a removed type
cast that was not in fact needed. I didn't include the feedback from
Nicholas to make the JSON string parsing more lenient. While sensible,
it's rather a theoretical concern right now as theer was only a single
version of cryptsetup that ever wrote escaped characters, and even then
of the Base64 alphabet only the backslash may have been escaped. So I
think we should rather defer any improvements until there we discover
real-world problems or until there are more usecases for this function.
Patrick
Patrick Steinhardt (2):
json: Add function to unescape JSON-encoded strings
luks2: Fix decoding of digests and salts with escaped chars
grub-core/disk/luks2.c | 28 +++++++--
grub-core/lib/json/json.c | 118 ++++++++++++++++++++++++++++++++++++++
grub-core/lib/json/json.h | 12 ++++
3 files changed, 154 insertions(+), 4 deletions(-)
Range-diff against v5:
1: ebab6b092 ! 1: c44675566 json: Add function to unescape JSON-encoded
strings
@@ Commit message
Add a new function `grub_json_unescape ()` that takes a potentially
escaped JSON string as input and returns a new unescaped string.
+ Reviewed-by: Daniel Kiper <dki...@net-space.pl>
Signed-off-by: Patrick Steinhardt <p...@pks.im>
## grub-core/lib/json/json.c ##
2: 60ccd669d ! 2: 16ae4ef05 luks2: Fix decoding of digests and salts with
escaped chars
@@ Commit message
that handles unescaping for us.
Reported-by: Afdal
+ Reviewed-by: Daniel Kiper <dki...@net-space.pl>
Signed-off-by: Patrick Steinhardt <p...@pks.im>
## grub-core/disk/luks2.c ##
@@ grub-core/disk/luks2.c: luks2_scan (grub_disk_t disk,
grub_cryptomount_args_t ca
+ if (grub_json_unescape (&unescaped, &unescaped_len, in, inlen) !=
GRUB_ERR_NONE)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("could not unescape
Base64 string"));
+
-+ successful = base64_decode (unescaped, (grub_size_t) unescaped_len,
(char *) decoded, decodedlen);
++ successful = base64_decode (unescaped, unescaped_len, (char *) decoded,
decodedlen);
+ grub_free (unescaped);
+ if (!successful)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("could not decode Base64
string"));
--
2.37.1
signature.asc
Description: PGP signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
