Package: systemd
Version: 241-5
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu eoan ubuntu-patch
Dear Maintainer,
When we read from keyring, a temporary buffer is allocated in order to
determine the size needed for the entire data. However, when zeroing that area,
we use the data size returned by the read instead of the lesser size allocate
for the buffer.
That will cause memory corruption that causes systemd-cryptsetup to crash
either when a single large password is used or when multiple passwords have
already been pushed to the keyring
* d/p/ask-password-prevent-buffer-overrow-when-reading-fro.patch:
- prevent buffer overflow when reading keyring (LP: #1814373)
Thanks for considering the patch.
-- System Information:
Debian Release: buster/sid
APT prefers disco-updates
APT policy: (500, 'disco-updates'), (500, 'disco-security'), (500, 'disco'),
(100, 'disco-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.0.0-13-generic (SMP w/24 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages systemd is related to:
pn dracut
ii initramfs-tools 0.131ubuntu19
ii udev 240-6ubuntu5
diff -Nru
systemd-241/debian/patches/ask-password-prevent-buffer-overrow-when-reading-fro.patch
systemd-241/debian/patches/ask-password-prevent-buffer-overrow-when-reading-fro.patch
---
systemd-241/debian/patches/ask-password-prevent-buffer-overrow-when-reading-fro.patch
1969-12-31 19:00:00.0 -0500
+++
systemd-241/debian/patches/ask-password-prevent-buffer-overrow-when-reading-fro.patch
2019-05-29 11:44:09.0 -0400
@@ -0,0 +1,35 @@
+From 59c55e73eaee345e1ee67c23eace8895ed499693 Mon Sep 17 00:00:00 2001
+From: Thadeu Lima de Souza Cascardo
+Date: Mon, 13 May 2019 16:58:01 -0300
+Subject: [PATCH] ask-password: prevent buffer overrow when reading from
+ keyring
+
+When we read from keyring, a temporary buffer is allocated in order to
+determine the size needed for the entire data. However, when zeroing that area,
+we use the data size returned by the read instead of the lesser size allocate
+for the buffer.
+
+That will cause memory corruption that causes systemd-cryptsetup to crash
+either when a single large password is used or when multiple passwords have
+already been pushed to the keyring.
+
+Signed-off-by: Thadeu Lima de Souza Cascardo
+
+Origin: upstream,
https://github.com/systemd/systemd/commit/59c55e73eaee345e1ee67c23eace8895ed499693
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1814373
+
+---
+ src/shared/ask-password-api.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/shared/ask-password-api.c
b/src/shared/ask-password-api.c
+@@ -81,7 +81,7 @@
+ if (n < m)
+ break;
+
+-explicit_bzero_safe(p, n);
++explicit_bzero_safe(p, m);
+ free(p);
+ m *= 2;
+ }
diff -Nru systemd-241/debian/patches/series systemd-241/debian/patches/series
--- systemd-241/debian/patches/series 2019-05-24 16:58:59.0 -0400
+++ systemd-241/debian/patches/series 2019-05-29 11:44:29.0 -0400
@@ -35,3 +35,4 @@
debian/Let-graphical-session-pre.target-be-manually-started.patch
debian/Add-env-variable-for-machine-ID-path.patch
debian/Drop-seccomp-system-call-filter-for-udev.patch
+ask-password-prevent-buffer-overrow-when-reading-fro.patch
