cryptsetup/0006-fix-potential-null-pointer-dereference.patch

From 5dd515878f23610e541ab761f9c45c6dab1c9700 Mon Sep 17 00:00:00 2001
From: wangzhiqiang <wangzhiqiang95@huawei.com>
Date: Fri, 10 Feb 2023 15:02:23 +0800
Subject: [PATCH 1/2] fix potential null pointer dereference.

Signed-off-by: wangzhiqiang <wangzhiqiang95@huawei.com>
---
 lib/luks2/luks2_digest_pbkdf2.c |  3 +++
 lib/luks2/luks2_json_format.c   | 38 +++++++++++++++++++++++++++++----
 lib/luks2/luks2_json_metadata.c |  8 +++++++
 lib/luks2/luks2_keyslot.c       |  8 +++++++
 lib/luks2/luks2_keyslot_luks2.c | 18 ++++++++++++++++
 lib/luks2/luks2_luks1_convert.c | 24 +++++++++++++++++++++
 src/cryptsetup.c                |  3 +++
 src/integritysetup.c            |  3 +++
 src/veritysetup.c               |  3 +++
 tokens/ssh/cryptsetup-ssh.c     |  8 ++++++-
 10 files changed, 111 insertions(+), 5 deletions(-)

diff --git a/lib/luks2/luks2_digest_pbkdf2.c b/lib/luks2/luks2_digest_pbkdf2.c
index 03c6f49..003d86d 100644
--- a/lib/luks2/luks2_digest_pbkdf2.c
+++ b/lib/luks2/luks2_digest_pbkdf2.c
@@ -148,6 +148,9 @@ static int PBKDF2_digest_store(struct crypt_device *cd,
 		json_object_object_get_ex(hdr->jobj, "digests", &jobj_digests);
 	}
 
+	if (!jobj_digest)
+		return -ENOMEM;
+
 	json_object_object_add(jobj_digest, "type", json_object_new_string("pbkdf2"));
 	json_object_object_add(jobj_digest, "keyslots", json_object_new_array());
 	json_object_object_add(jobj_digest, "segments", json_object_new_array());
diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c
index 350ebf4..45541c3 100644
--- a/lib/luks2/luks2_json_format.c
+++ b/lib/luks2/luks2_json_format.c
@@ -300,29 +300,59 @@ int LUKS2_generate_hdr(
 		return -EINVAL;
 
 	hdr->jobj = json_object_new_object();
+	if (!hdr->jobj) {
+		r = -ENOMEM;
+		goto err;
+	}
 
 	jobj_keyslots = json_object_new_object();
+	if (!jobj_keyslots) {
+		r = -ENOMEM;
+		goto err;
+	}
+
 	json_object_object_add(hdr->jobj, "keyslots", jobj_keyslots);
 	json_object_object_add(hdr->jobj, "tokens", json_object_new_object());
 	jobj_segments = json_object_new_object();
+	if (!jobj_segments) {
+		r = -ENOMEM;
+		goto err;
+	}
+
 	json_object_object_add(hdr->jobj, "segments", jobj_segments);
 	json_object_object_add(hdr->jobj, "digests", json_object_new_object());
 	jobj_config = json_object_new_object();
+	if (!jobj_config) {
+		r = -ENOMEM;
+		goto err;
+	}
+
 	json_object_object_add(hdr->jobj, "config", jobj_config);
 
 	digest = LUKS2_digest_create(cd, "pbkdf2", hdr, vk);
-	if (digest < 0)
+	if (digest < 0) {
+		r = -EINVAL;
 		goto err;
+	}
 
-	if (LUKS2_digest_segment_assign(cd, hdr, 0, digest, 1, 0) < 0)
+	if (LUKS2_digest_segment_assign(cd, hdr, 0, digest, 1, 0) < 0) {
+		r = -EINVAL;
 		goto err;
+	}
 
 	jobj_segment = json_segment_create_crypt(data_offset, 0, NULL, cipher, sector_size, 0);
-	if (!jobj_segment)
+	if (!jobj_segment) {
+		r = -EINVAL;
 		goto err;
+	}
 
 	if (integrity) {
 		jobj_integrity = json_object_new_object();
+		if (!jobj_integrity) {
+			r = -ENOMEM;
+			goto err;
+		}
+
 		json_object_object_add(jobj_integrity, "type", json_object_new_string(integrity));
 		json_object_object_add(jobj_integrity, "journal_encryption", json_object_new_string("none"));
 		json_object_object_add(jobj_integrity, "journal_integrity", json_object_new_string("none"));
@@ -339,7 +369,7 @@ int LUKS2_generate_hdr(
 err:
 	json_object_put(hdr->jobj);
 	hdr->jobj = NULL;
-	return -EINVAL;
+	return r;
 }
 
 int LUKS2_wipe_header_areas(struct crypt_device *cd,
diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
index 0c449ee..e12b3c7 100644
--- a/lib/luks2/luks2_json_metadata.c
+++ b/lib/luks2/luks2_json_metadata.c
@@ -90,6 +90,9 @@ struct json_object *LUKS2_array_remove(struct json_object *array, const char *nu
 
 	/* Create new array without jobj_removing. */
 	array_new = json_object_new_array();
+	if (!array_new)
+		return NULL;
+
 	for (i = 0; i < (int) json_object_array_length(array); i++) {
 		jobj1 = json_object_array_get_idx(array, i);
 		if (jobj1 != jobj_removing)
@@ -456,6 +459,9 @@ static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj
 
 	json = json_object_to_json_string_ext(hdr_jobj,
 		JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
+	if (!json)
+		return 1;
+
 	json_area_size = crypt_jobj_get_uint64(jobj1);
 	json_size = (uint64_t)strlen(json);
 
@@ -1362,6 +1368,8 @@ int LUKS2_config_set_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint3
 		return 0;
 
 	jobj_flags = json_object_new_array();
+	if (!jobj_flags)
+		return -ENOMEM;
 
 	for (i = 0; persistent_flags[i].description; i++) {
 		if (flags & persistent_flags[i].flag) {
diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c
index 3d70186..c2a4088 100644
--- a/lib/luks2/luks2_keyslot.c
+++ b/lib/luks2/luks2_keyslot.c
@@ -838,6 +838,9 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
 		return -EINVAL;
 
 	jobj_keyslot = json_object_new_object();
+	if (!jobj_keyslot)
+		return -ENOMEM;
+
 	json_object_object_add(jobj_keyslot, "type", json_object_new_string("placeholder"));
 	/*
 	 * key_size = -1 makes placeholder keyslot impossible to pass validation.
@@ -848,6 +851,11 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
 
 	/* Area object */
 	jobj_area = json_object_new_object();
+	if (!jobj_area) {
+		json_object_put(jobj_keyslot);
+		return -ENOMEM;
+	}
+
 	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
 	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
 	json_object_object_add(jobj_keyslot, "area", jobj_area);
diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c
index 49b3a75..1513d25 100644
--- a/lib/luks2/luks2_keyslot_luks2.c
+++ b/lib/luks2/luks2_keyslot_luks2.c
@@ -489,17 +489,32 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
 	}
 
 	jobj_keyslot = json_object_new_object();
+	if (!jobj_keyslot) {
+		r = -ENOMEM;
+		goto err;
+	}
+
 	json_object_object_add(jobj_keyslot, "type", json_object_new_string("luks2"));
 	json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(volume_key_len));
 
 	/* AF object */
 	jobj_af = json_object_new_object();
+	if (!jobj_af) {
+		r = -ENOMEM;
+		goto err;
+	}
+
 	json_object_object_add(jobj_af, "type", json_object_new_string("luks1"));
 	json_object_object_add(jobj_af, "stripes", json_object_new_int(params->af.luks1.stripes));
 	json_object_object_add(jobj_keyslot, "af", jobj_af);
 
 	/* Area object */
 	jobj_area = json_object_new_object();
+	if (!jobj_area) {
+		r = -ENOMEM;
+		goto err;
+	}
+
 	json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
 	json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
 	json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
@@ -518,6 +533,9 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
 		json_object_object_del_by_uint(jobj_keyslots, keyslot);
 
 	return r;
+err:
+	json_object_put(jobj_keyslot);
+	return r;
 }
 
 static int luks2_keyslot_open(struct crypt_device *cd,
diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c
index 84fd44f..8350dba 100644
--- a/lib/luks2/luks2_luks1_convert.c
+++ b/lib/luks2/luks2_luks1_convert.c
@@ -38,13 +38,24 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
 	size_t base64_len;
 	struct json_object *keyslot_obj, *field, *jobj_kdf, *jobj_af, *jobj_area;
 	uint64_t offset, area_size, offs_a, offs_b, length;
+	int r;
 
 	keyslot_obj = json_object_new_object();
+	if (!keyslot_obj) {
+		r = -ENOMEM;
+		goto err;
+	}
+
 	json_object_object_add(keyslot_obj, "type", json_object_new_string("luks2"));
 	json_object_object_add(keyslot_obj, "key_size", json_object_new_int64(hdr_v1->keyBytes));
 
 	/* KDF */
 	jobj_kdf = json_object_new_object();
+	if (!jobj_kdf) {
+		r = -ENOMEM;
+		goto err;
+	}
+
 	json_object_object_add(jobj_kdf, "type", json_object_new_string(CRYPT_KDF_PBKDF2));
 	json_object_object_add(jobj_kdf, "hash", json_object_new_string(hdr_v1->hashSpec));
 	json_object_object_add(jobj_kdf, "iterations", json_object_new_int64(hdr_v1->keyblock[keyslot].passwordIterations));
@@ -64,6 +75,11 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
 
 	/* AF */
 	jobj_af = json_object_new_object();
+	if (!jobj_af) {
+		r = -ENOMEM;
+		goto err;
+	}
+
 	json_object_object_add(jobj_af, "type", json_object_new_string("luks1"));
 	json_object_object_add(jobj_af, "hash", json_object_new_string(hdr_v1->hashSpec));
 	/* stripes field ignored, fixed to LUKS_STRIPES (4000) */
@@ -72,6 +88,11 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
 
 	/* Area */
 	jobj_area = json_object_new_object();
+	if (!jobj_area) {
+		r = -ENOMEM;
+		goto err;
+	}
+
 	json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
 
 	/* encryption algorithm field */
@@ -97,6 +118,9 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
 
 	*keyslot_object = keyslot_obj;
 	return 0;
+err:
+	json_object_put(keyslot_obj);
+	return r;
 }
 
 static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, struct json_object **keyslots_object)
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index e785dc3..78421a6 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -3767,6 +3767,9 @@ int main(int argc, const char **argv)
 	textdomain(PACKAGE);
 
 	popt_context = poptGetContext(PACKAGE, argc, argv, popt_options, 0);
+	if (!popt_context)
+		exit(EXIT_FAILURE);
+
 	poptSetOtherOptionHelp(popt_context,
 	                       _("[OPTION...] <action> <action-specific>"));
 
diff --git a/src/integritysetup.c b/src/integritysetup.c
index 4604302..468a8cf 100644
--- a/src/integritysetup.c
+++ b/src/integritysetup.c
@@ -569,6 +569,9 @@ int main(int argc, const char **argv)
 	textdomain(PACKAGE);
 
 	popt_context = poptGetContext("integrity", argc, argv, popt_options, 0);
+	if (!popt_context)
+		exit(EXIT_FAILURE);
+
 	poptSetOtherOptionHelp(popt_context,
 	                       _("[OPTION...] <action> <action-specific>"));
 
diff --git a/src/veritysetup.c b/src/veritysetup.c
index 04fd996..2a701af 100644
--- a/src/veritysetup.c
+++ b/src/veritysetup.c
@@ -588,6 +588,9 @@ int main(int argc, const char **argv)
 	textdomain(PACKAGE);
 
 	popt_context = poptGetContext("verity", argc, argv, popt_options, 0);
+	if (!popt_context)
+		exit(EXIT_FAILURE);
+
 	poptSetOtherOptionHelp(popt_context,
 	                       _("[OPTION...] <action> <action-specific>"));
 
diff --git a/tokens/ssh/cryptsetup-ssh.c b/tokens/ssh/cryptsetup-ssh.c
index c1d0a60..87c55d5 100644
--- a/tokens/ssh/cryptsetup-ssh.c
+++ b/tokens/ssh/cryptsetup-ssh.c
@@ -78,13 +78,19 @@ static int token_add(
 
 	r = -EINVAL;
 	jobj = json_object_new_object();
-	if (!jobj)
+	if (!jobj) {
+		r = -ENOMEM;
 		goto out;
+	}
 
 	/* type is mandatory field in all tokens and must match handler name member */
 	json_object_object_add(jobj, "type", json_object_new_string(TOKEN_NAME));
 
 	jobj_keyslots = json_object_new_array();
+	if (!jobj_keyslots) {
+		r = -ENOMEM;
+		goto out;
+	}
 
 	/* mandatory array field (may be empty and assigned later */
 	json_object_object_add(jobj, "keyslots", jobj_keyslots);
-- 
2.33.0