Package: cryptsetup-bin
Version: 2:2.1.0-5
Severity: serious

Dear Maintainer,

cryptsetup in Stable contains multiple severe integer handling issues.
The created DM device's size is set incorrectly due to integer truncation.

Not only is access to the protected data lost, but integritysetup's "open" operation actually succeeds. All reads on the incorrectly created DM device will of course fail with I/O errors due to bad integrity tags, but all writes will happily write wrong tags at wrong places! This makes it very easy for the administrator to destroy the data while trying to recover with --integrity-recovery-mode.

The issue is caused by a new set of functions "dm_*_target_set", introduced with cryptsetup 2:2.1.0, whose arguments use haphazardly chosen integer types, even though the actual types are easy to find.

For example, "uint64_t size" is temporarily stored in a size_t variable.
1) stored in lib/utils_dm.h: struct crypt_dm_active_device { uint64_t size, ... }
2) passed to lib/libdevmapper.c dm_*_target_set(..., (size_t)dmd.size, ...
3) stored in lib/utils_dm.h: struct dm_target { uint64_t size, ... }

Seeing such carelessness in core crypto software makes me very uneasy.


Best,
n.b.f.

-- Notes:
64-bit systems, whose size_t is 64-bit, are safe from this bug.
Partitions smaller than 2TiB (2^32 * 512) are safe from this bug.
Severity: grave may be appropriate due to the potential for data loss.
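
The truncation described in this report, as an added example that is not part of the original message and is not cryptsetup's code: a 64-bit sector count passed through a 32-bit integer and widened again, next to a checked narrowing that rejects the value instead. Assumptions: uint32_t stands in for size_t on a 32-bit build so the result is the same on any host, and all function and type names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t models size_t on a 32-bit build. Names are hypothetical. */
typedef uint32_t size32_t;

#define SECTOR_SIZE 512ULL

/* The lossy pattern from the report: a uint64_t sector count travels through
 * a narrower argument type and is stored as uint64_t again. */
static uint64_t size_via_narrow_arg(uint64_t sectors)
{
    size32_t narrowed = (size32_t)sectors;   /* high 32 bits are dropped */
    return (uint64_t)narrowed;
}

/* Checked narrowing: fail loudly rather than create a device of the wrong size.
 * Returns 0 on success, -1 if the value does not fit in the narrow type. */
static int narrow_checked(uint64_t sectors, size32_t *out)
{
    if (sectors > UINT32_MAX)
        return -1;
    *out = (size32_t)sectors;
    return 0;
}

int main(void)
{
    /* Constructed sample device sizes in bytes: 1 TiB, 2 TiB minus one
     * sector, exactly 2 TiB, 3 TiB. */
    const uint64_t bytes[] = {
        1ULL << 40, (1ULL << 41) - SECTOR_SIZE, 1ULL << 41, 3ULL << 40
    };
    for (size_t i = 0; i < sizeof bytes / sizeof bytes[0]; i++) {
        uint64_t sectors = bytes[i] / SECTOR_SIZE;
        uint64_t got = size_via_narrow_arg(sectors);
        size32_t tmp;
        printf("%llu sectors -> %llu after narrowing (%s), checked: %s\n",
               (unsigned long long)sectors, (unsigned long long)got,
               got == sectors ? "intact" : "TRUNCATED",
               narrow_checked(sectors, &tmp) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The boundary matches the 2TiB figure in the notes: 2^32 sectors of 512 bytes is the first count that no longer fits in 32 bits.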
