From: Mariusz Zaborski
Date: Wed, 8 Feb 2023 23:15:21 +0100
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli
To: grarpamp
Cc: freebsd-security@freebsd.org
References: <20230208190833.1DF6F8824@freefall.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-security

When I was working on the patch, I analyzed this situation.
The issue with key files is that they can be arbitrary in size, and I think this caused this issue.
The passfile/passwords are limited in size.
Because they are limited, they are cached in the memory of geli and reused.

My conclusion was that there isn't such an issue with them.
Ofc it is always good to double-check. You can follow the usage of the cached_passphrase variable:
https://cgit.freebsd.org/src/tree/lib/geom/eli/geom_eli.c#n71

On Wed, 8 Feb 2023 at 22:13, grarpamp <grarpamp@gmail.com> wrote:
> Did anyone check if -j/-J might have similar edge cases?