[PATCH] dm-crypt: fix incorrect use of strcmp when telling if there is no key

[PATCH] dm-crypt: fix incorrect use of strcmp when telling if there is no key

[Coiby Xu]

strcmp returns 0 when two strings are equal.

Fixes: 69a8cfcda210 ("dm crypt: set key size early")
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
 drivers/md/dm-crypt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 159c6806c19b..cfefe0f18150 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2590,7 +2590,7 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
 	int key_string_len = strlen(key);
 
 	/* Hyphen (which gives a key_size of zero) means there is no key. */
-	if (!cc->key_size && strcmp(key, "-"))
+	if (!cc->key_size && !strcmp(key, "-"))
 		goto out;
 
 	/* ':' means the key is in kernel keyring, short-circuit normal key processing */
-- 
2.38.1

[dm-devel] [PATCH] dm-crypt: fix incorrect use of strcmp when telling if there is no key

[Coiby Xu]

strcmp returns 0 when two strings are equal.

Fixes: 69a8cfcda210 ("dm crypt: set key size early")
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
 drivers/md/dm-crypt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 159c6806c19b..cfefe0f18150 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2590,7 +2590,7 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
 	int key_string_len = strlen(key);
 
 	/* Hyphen (which gives a key_size of zero) means there is no key. */
-	if (!cc->key_size && strcmp(key, "-"))
+	if (!cc->key_size && !strcmp(key, "-"))
 		goto out;
 
 	/* ':' means the key is in kernel keyring, short-circuit normal key processing */
-- 
2.38.1

--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel

Re: [dm-devel] [PATCH] dm-crypt: fix incorrect use of strcmp when telling if there is no key

[Milan Broz]

On 11/7/22 13:22, Coiby Xu wrote:
> strcmp returns 0 when two strings are equal.
> 
> Fixes: 69a8cfcda210 ("dm crypt: set key size early")
> Signed-off-by: Coiby Xu <coxu@redhat.com>
> ---
>   drivers/md/dm-crypt.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
> index 159c6806c19b..cfefe0f18150 100644
> --- a/drivers/md/dm-crypt.c
> +++ b/drivers/md/dm-crypt.c
> @@ -2590,7 +2590,7 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
>   	int key_string_len = strlen(key);
>   
>   	/* Hyphen (which gives a key_size of zero) means there is no key. */
> -	if (!cc->key_size && strcmp(key, "-"))
> +	if (!cc->key_size && !strcmp(key, "-"))
>   		goto out;

NACK. The code is correct.

The comment is a little bit misleading - it actually says that "-" is valid here.

If key_size is 0 (see above: key_size = strlen(key) >> 1;)  and key
is NOT "-" (empty key) return error.

Key "-" is a valid key, means no key used (used for null cipher).

Try this with and without your patch (it uses null cipher that takes no key):

dmsetup create test --table "0 8 crypt cipher_null-ecb - 0 /dev/sdb 0"

With your patch it no longer works.

Please, run cryptsetup testsuite before sending patches, tests/mode-tests fails
immediately with your patch!

Thanks,
Milan

Re: [dm-devel] [PATCH] dm-crypt: fix incorrect use of strcmp when telling if there is no key

[Milan Broz]

On 11/7/22 13:22, Coiby Xu wrote:
> strcmp returns 0 when two strings are equal.
> 
> Fixes: 69a8cfcda210 ("dm crypt: set key size early")
> Signed-off-by: Coiby Xu <coxu@redhat.com>
> ---
>   drivers/md/dm-crypt.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
> index 159c6806c19b..cfefe0f18150 100644
> --- a/drivers/md/dm-crypt.c
> +++ b/drivers/md/dm-crypt.c
> @@ -2590,7 +2590,7 @@ static int crypt_set_key(struct crypt_config *cc, char *key)
>   	int key_string_len = strlen(key);
>   
>   	/* Hyphen (which gives a key_size of zero) means there is no key. */
> -	if (!cc->key_size && strcmp(key, "-"))
> +	if (!cc->key_size && !strcmp(key, "-"))
>   		goto out;

NACK. The code is correct.

The comment is a little bit misleading - it actually says that "-" is valid here.

If key_size is 0 (see above: key_size = strlen(key) >> 1;)  and key
is NOT "-" (empty key) return error.

Key "-" is a valid key, means no key used (used for null cipher).

Try this with and without your patch (it uses null cipher that takes no key):

dmsetup create test --table "0 8 crypt cipher_null-ecb - 0 /dev/sdb 0"

With your patch it no longer works.

Please, run cryptsetup testsuite before sending patches, tests/mode-tests fails
immediately with your patch!

Thanks,
Milan

--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel