Avoid integer overflows during memory allocation.

username-removed-190189 requested to merge (removed):malloc into master

It is possible to overflow integers during memory allocation with insanely large "key bytes" specified in a LUKS header.

Although it could be argued to properly validate LUKS headers while parsing them, it's still a good idea to fix any form of possible overflow attacks against cryptsetup in these allocation functions.
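
The kind of check described above, as an added example that is not code from this merge request or from cryptsetup: an allocator that places a small bookkeeping header in front of the key bytes and refuses lengths for which the size sum would wrap. The names `key_buf`, `key_buf_alloc` and `unchecked_total` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical key container: bookkeeping header followed by the key bytes. */
struct key_buf {
	size_t key_bytes;
	unsigned char key[];
};

/* The unchecked size computation: for a huge key_bytes the sum wraps
 * around and yields a tiny allocation size. */
size_t unchecked_total(size_t key_bytes)
{
	return sizeof(struct key_buf) + key_bytes;
}

/* Checked allocation: returns NULL for a zero length or when
 * sizeof(header) + key_bytes cannot be represented in size_t. */
struct key_buf *key_buf_alloc(size_t key_bytes)
{
	struct key_buf *kb;

	if (key_bytes == 0 || key_bytes > SIZE_MAX - sizeof(*kb))
		return NULL;

	kb = calloc(1, sizeof(*kb) + key_bytes);
	if (!kb)
		return NULL;

	kb->key_bytes = key_bytes;
	return kb;
}

int main(void)
{
	/* Constructed input: a "key bytes" value as a hostile header might carry. */
	size_t hostile = SIZE_MAX;
	struct key_buf *kb = key_buf_alloc(32);

	printf("unchecked size for hostile length: %zu bytes\n",
	       unchecked_total(hostile));
	printf("checked alloc, hostile length: %s\n",
	       key_buf_alloc(hostile) ? "allocated" : "rejected");
	printf("checked alloc, 32 bytes: %s\n", kb ? "allocated" : "rejected");
	free(kb);
	return 0;
}
```
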