From 50207333f1bb4dd7ebc54140815c99ddac34cc00 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Mon, 14 Aug 2023 16:36:05 +0200
Subject: [PATCH] Fix a bug in LUKS2 header wipe function with keyslots area.

When formating LUKS2 device with no keyslots area (it's valid
LUKS2 header) there's a bug in wipe routine that is supposed
to wipe LUKS2 keyslots area. When the keyslots area size is of
zero length it causes wipe function to erase whole data device
starting at defined data offset.
---
 lib/luks2/luks2_json_format.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c
index 0868de1d7..045454321 100644
--- a/lib/luks2/luks2_json_format.c
+++ b/lib/luks2/luks2_json_format.c
@@ -363,6 +363,14 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd,
 	offset = get_min_offset(hdr);
 	length = LUKS2_keyslots_size(hdr);
 
+	/*
+	 * Skip keyslots area wipe in case it is not defined.
+	 * Otherwise we would wipe whole data device (length == 0)
+	 * starting at offset get_min_offset(hdr).
+	 */
+	if (!length)
+		return 0;
+
 	log_dbg(cd, "Wiping keyslots area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.",
 		offset, length + offset);