[Libguestfs] [libguestfs-common PATCH 00/12] LUKS decryption with Clevis+Tang | CVE-2022-2211

Laszlo Ersek lersek at redhat.com
Tue Jun 28 11:49:03 UTC 2022

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100862

Please refer to the parent cover letter
regarding the relationship between the CVE fix and the larger series.

The first four patches are bugfixes (of varying importance).

The rest are refactorings and feature-let additions, intermixed as


Laszlo Ersek (12):
  options: fix buffer overflow in get_keys() [CVE-2022-2211]
  options: fix UUID comparison logic bug in get_keys()
  mltools/tools_utils: remove unused function "key_store_to_cli"
  mltools/tools_utils: allow multiple "--key" options for OCaml tools
  options: replace NULL-termination with number-of-elements in
  options: wrap each passphrase from get_keys() into a struct
  options: add back-end for LUKS decryption with Clevis+Tang
  options: introduce selector type "key_clevis"
  options: generalize "--key" selector parsing for C-language utilities
  mltools/tools_utils: generalize "--key" selector parsing for OCaml
  options, mltools/tools_utils: parse "--key ID:clevis" options
  options, mltools/tools_utils: add helper for network dependency

 mltools/tools_utils-c.c |  47 ++++---
 mltools/tools_utils.ml  |  51 ++++----
 mltools/tools_utils.mli |  12 +-
 options/decrypt.c       |  24 ++--
 options/key-option.pod  |   9 ++
 options/keys.c          | 130 ++++++++++++++------
 options/options.h       |  19 ++-
 7 files changed, 195 insertions(+), 97 deletions(-)


