Package: cryptsetup-run Version: 2:2.0.6-1 Severity: normal Tags: patch When using an encrypted root file system, user is prompted to enter password to unlock the disk from initramfs. Typing Ctrl+D immediately at the password prompt results in the boot locking up, requiring a hard reset.
Steps to reproduce: - Install Debian, choosing to set up encrypted LVM, e.g. with guided partitioning. - When booting the installed system, a prompt of the form "Please unlock disk sda3_crypt" is displayed. - Press Ctrl+D instead of entering the passphrase. - Nothing further is printed on screen. Attempts to enter the passphrase, or anything else, result in no response. The problem is in the console backend of the askpass binary, which goes into an infinite loop calling getline() if an EOF should occur on stdin at the beginning of a line. The behaviour of getline() with end-of-file conditions seems to be rather odd in some cases, but if it is entered with the eof status already set on the input stream it correctly returns immediately with a -1 result. As askpass repeatedly calls getline until a passphrase is successfully entered, once an eof happens the first time it gets stuck in a busy loop. I circumvented this in the attached patch by clearing the stream flags on failure, causing the Ctrl+D to be ignored. I'm not sure if this is quite the ideal behaviour but I suspect it is probably the best that can be achieved when using cooked input and getline(). Note I have also fixed the incorrect (but harmless) return of NULL from a bool function. Another possible workaround is to install plymouth, which causes a different askpass backend to be used. -- Package-specific info: -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_CRAP Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages cryptsetup-run depends on: ii cryptsetup-bin 2:2.0.6-1 ii debconf [debconf-2.0] 1.5.70 ii dmsetup 2:1.02.155-1 ii libc6 2.28-5 cryptsetup-run recommends no packages. Versions of packages cryptsetup-run suggests: ii dosfstools 4.1-2 pn keyutils <none> ii liblocale-gettext-perl 1.07-3+b4 -- debconf information excluded
diff -Nru cryptsetup-2.0.6/debian/askpass.c cryptsetup-2.0.6/debian/askpass.c --- cryptsetup-2.0.6/debian/askpass.c 2018-12-03 19:16:07.000000000 +0000 +++ cryptsetup-2.0.6/debian/askpass.c 2019-02-09 17:38:19.000000000 +0000 @@ -359,8 +359,10 @@ /* Console is in ICANON mode so we'll get entire lines */ nread = getline(&consolebuf, &consolebuflen, stdin); - if (nread < 0) - return NULL; + if (nread < 0) { + clearerr(stdin); + return false; + }; /* Strip trailing newline, if any */ if (nread > 0 && consolebuf[nread - 1] == '\n') {