[systemd-devel] [PATCH] ask-password: prevent buffer overrow when reading from keyring

Lennart Poettering lennart at poettering.net
Tue May 14 14:22:52 UTC 2019

On Mo, 13.05.19 16:58, Thadeu Lima de Souza Cascardo (cascardo at canonical.com) wrote:

> When we read from keyring, a temporary buffer is allocated in order to
> determine the size needed for the entire data. However, when zeroing that area,
> we use the data size returned by the read instead of the lesser size allocate
> for the buffer.
> That will cause memory corruption that causes systemd-cryptsetup to crash
> either when a single large password is used or when multiple passwords have
> already been pushed to the keyring.
> Signed-off-by: Thadeu Lima de Souza Cascardo
> <cascardo at canonical.com>

Converted to a github PR:


Looks great! Thanks!


Lennart Poettering, Berlin

More information about the systemd-devel mailing list