On Fri, 2019-03-01 at 17:09 +0100, Franck LENORMAND wrote:
> @@ -2025,16 +2027,15 @@ static int crypt_set_keyring_key(struct
> crypt_config *cc, const char *key_string
>       if (!key_desc || key_desc == key_string || !strlen(key_desc
> + 1))
>               return -EINVAL;
>  
> -     if (strncmp(key_string, "logon:", key_desc - key_string + 1)
> &&
> -         strncmp(key_string, "user:", key_desc - key_string + 1))
> -             return -EINVAL;
> +     type = get_key_type(key_string, key_desc - key_string);
> +     if (!type)
> +             return -ENOENT;
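
Review bot: the removed strncmp() pair was the only thing in this hunk limiting the key type to "logon:" or "user:", and the new `if (!type)` test accepts whatever get_key_type() returns, which these lines do not show. If the code further down still reads the payload in the user/logon form, keep an explicit check that the resolved type is one of those two, or branch on the type before touching the payload. The length argument also drops the `+ 1`, so the ':' is no longer part of the comparison and get_key_type() has to match the whole type name rather than a prefix. An unrecognised type now returns -ENOENT instead of -EINVAL, which changes what callers see for a malformed key string.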

You can't do this.  This check ensures that the key responds correctly
to user_key_payload_locked() lower down.  To do that, the payload has
to be in a specific form.  You ensured that yours are, but dm-crypt
will now accept any key type, load the user payload blindly and create
all sorts of mayhem in the kernel because of the structural differences
in payload types.

James


--
dm-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/dm-devel
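
The point of the reply above, as an added userspace example that is not code from this thread or from the kernel: the type named in the key string is checked against an allowlist before the payload is read in the user-payload form. The structs, `model_set_keyring_key()` and the "other" key type are hypothetical names constructed for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Userspace model with assumed names; none of this is kernel code. */
struct user_payload  { unsigned short datalen; unsigned char data[32]; };
struct other_payload { void *handle; unsigned int flags; }; /* constructed layout */

struct model_key {
    const char *type;     /* key type name, e.g. "user" */
    const void *payload;  /* layout depends on the type */
};

/* Only these types are known to store a user_payload. */
static const char *const user_layout_types[] = { "logon", "user" };

/* 1 when the first len bytes of s are exactly one allowlisted type name. */
static int type_has_user_layout(const char *s, size_t len)
{
    size_t i, n = sizeof(user_layout_types) / sizeof(user_layout_types[0]);

    for (i = 0; i < n; i++)
        if (strlen(user_layout_types[i]) == len &&
            !strncmp(s, user_layout_types[i], len))
            return 1;
    return 0;
}

/* Parse "<type>:<description>", reject any type outside the allowlist, and
 * only then read the payload as user_payload. Returns datalen or -EINVAL. */
static int model_set_keyring_key(const char *key_string,
                                 const struct model_key *key)
{
    const char *key_desc = strchr(key_string, ':');
    size_t type_len;

    if (!key_desc || key_desc == key_string || !strlen(key_desc + 1))
        return -EINVAL;
    type_len = (size_t)(key_desc - key_string);
    if (!type_has_user_layout(key_string, type_len))
        return -EINVAL;
    /* The key that was found must be of the type that was asked for. */
    if (strlen(key->type) != type_len || strncmp(key->type, key_string, type_len))
        return -EINVAL;
    return ((const struct user_payload *)key->payload)->datalen;
}
```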
