Bug#513596: cryptsetup: A patch for this issue

Fri, 30 Jan 2009 08:23:15 -0800 

Package: cryptsetup
Version: 2:1.0.6-7
Followup-For: Bug #513596


I just looked in the source, and the problem comes from lib/setup.c where
it's explicitly denied to remove a key with itselfs (keyIndex == openedIndex).

The attached patch removes this extra check. I rebuild the package and installed
it, and it seems to work fine, I'm able to have an unusable luks partition :

r...@pierre:/tmp# cryptsetup luksDump /dev/mapper/pierre-testluks
LUKS header information for /dev/mapper/pierre-testluks

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256
MK digest:      2b ba 0b 5a f9 cb 49 57 f6 db 7e cd 94 a6 21 fb 48 83 e3 02 
MK salt:        58 89 47 04 76 85 e3 77 75 09 2e eb 41 e2 f7 18 
                8e 9f 27 03 38 a0 94 87 5e 95 1d fa 98 80 e3 9d 
MK iterations:  10
UUID:           1defedc2-a202-46fe-81ca-5ddbf997a891

Key Slot 0: DISABLED
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

I didn't noticed any side effect for now...


-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18-6-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages cryptsetup depends on:
ii  dmsetup                      2:1.02.27-4 The Linux Kernel Device Mapper use
ii  libc6                        2.7-18      GNU C Library: Shared libraries
ii  libdevmapper1.02.1           2:1.02.27-4 The Linux Kernel Device Mapper use
ii  libpopt0                     1.14-4      lib for parsing cmdline parameters
ii  libuuid1                     1.41.3-1    universally unique id library

cryptsetup recommends no packages.

Versions of packages cryptsetup suggests:
ii  dosfstools                    3.0.1-1    utilities for making and checking 
ii  initramfs-tools [linux-initra 0.92o      tools for generating an initramfs
ii  udev                          0.125-7    /dev/ and hotplug management daemo

-- no debconf information

diff -ru cryptsetup-1.0.6.orig/lib/setup.c cryptsetup-1.0.6/lib/setup.c
--- cryptsetup-1.0.6.orig/lib/setup.c	2009-01-30 17:06:59.000000000 +0100
+++ cryptsetup-1.0.6/lib/setup.c	2009-01-30 17:07:59.000000000 +0100
@@ -659,7 +659,7 @@
                         LUKS_dealloc_masterkey(mk);
                         mk = NULL;
                 }
-		if(openedIndex < 0 || keyIndex == openedIndex) {
+		if(openedIndex < 0) {
                             options->icb->log(CRYPT_LOG_ERROR,"No remaining key available with this passphrase.\n");
 			    r = -EPERM; goto out;
 		} else

Reply via email to