Skip to content

Commit

Permalink
Fix a bug in LUKS2 header wipe function with keyslots area.
Browse files Browse the repository at this point in the history 
When formating LUKS2 device with no keyslots area (it's valid
LUKS2 header) there's a bug in wipe routine that is supposed
to wipe LUKS2 keyslots area. When the keyslots area size is of
zero length it causes wipe function to erase whole data device
starting at defined data offset.
  • Loading branch information
@oniko
oniko committed Aug 15, 2023
1 parent b65fb60 commit 5020733
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions lib/luks2/luks2_json_format.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -363,6 +363,14 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd,
offset = get_min_offset(hdr);
length = LUKS2_keyslots_size(hdr);

/*
* Skip keyslots area wipe in case it is not defined.
* Otherwise we would wipe whole data device (length == 0)
* starting at offset get_min_offset(hdr).
*/
if (!length)
return 0;

log_dbg(cd, "Wiping keyslots area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.",
offset, length + offset);

Expand Down

0 comments on commit 5020733

Please sign in to comment.