From nobody Thu Feb 09 22:23:05 2023
X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PCWbj3ykYz3p89C
	for <freebsd-security@mlmmj.nyi.freebsd.org>; Thu,  9 Feb 2023 22:23:29 +0000 (UTC)
	(envelope-from woodsb02@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4PCWbj3S22z4PhZ;
	Thu,  9 Feb 2023 22:23:29 +0000 (UTC)
	(envelope-from woodsb02@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1675981409;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=BrZv8DvvhE43IvmCLk26oqr195mhuesY9HxkdxB0dT8=;
	b=n89l2GPjflFHpNiApUHmyxH/s5noRnX+O1M8XQpow9tHWgGqcO7BEvdpW0YvQNNAlTeznR
	yeTjRmcwQFVa9weZO3Y/MXnmizwiiqndNIqpdbl61/DXYlaayMjWWIe9rYg7Pztkb0KqLE
	P97I/trV1sErfxVTxuR7wJJztN8SfVoJ/4kSIyxk7RNQMuBQtselGZBCNtnaIO8V/HXJYq
	uDtVuXX2CZgKsMKNX8ky071A5wu7aWNALZXX5L7Vwn3nSvH1Qr6dufyA08kTTm1IVqeSSD
	Rr+RDljDZGTTIPLqYCRiqhCCoc3tyfqvhm1im/rH+Vu12ioOckj/URNwBHZVPA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1675981409;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=BrZv8DvvhE43IvmCLk26oqr195mhuesY9HxkdxB0dT8=;
	b=odIB8DopYJVpD0Hs/rSdEz/ZykEEG+q2SbKKx//pDR9KZa34rjKLUJWpiL/CS7ssk+rs+6
	TbB0JPGw16BIrqDpevJi7PjyNWEyWiCix0l3sGdY0FrFBaqNdyhIBjpKnk9HC9lpERXPmX
	fkNhgcI3yt0VS1gAZcOLXDn65dpYa7L+kyfJbMkPv+tXuCPnkS9rUzwaly3JtMwk/zkurh
	QW4KD8wcPZtEeb0VcuBwsYFH3kHvm4OY+GV7/zdJecs3K8bjoS/dPSBPBs5Fes70HaO1g7
	0DQ6CmzFU2mTmxlk1bv8LHcrkDw0Fc7a2gSbj+D8MxWhSUGEsSmlSDS/0U4hEw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675981409; a=rsa-sha256; cv=none;
	b=cuRu6if4MPu2vcpmJxKjLq7Iu8lWH2YTUNzcAXzwiLgPp5EAQhmfcXbxeCYMAmJpXWvHHa
	5JhGa7KHOD4FRyHelcIV3dH5NAabyb5s7rU7HmjRi+Y8tIv9/eJKTWzTHDo2TzJ4zg3/jB
	Db5ynUdXOVzDeA4aJRKVzHfZcJe5GwdVylyWucGSivlv65suoa7CIysxhWGLtSplseiFlp
	6olFEW5Ou1VH65n6EdwhoGYEPCWKrGmXhSuGc/Pi/Fss3NUCneA4eIWQBOXMD1jp3n5HWB
	Hc3CxArqNPUdMLSCIAXYIj5KUVLihBGQhEVqzxV2Sx0R1RRsbBzXVBUzo1g5kQ==
Received: from auth1-smtp.messagingengine.com (auth1-smtp.messagingengine.com [66.111.4.227])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: woodsb02)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4PCWbj2BrqzXwP;
	Thu,  9 Feb 2023 22:23:29 +0000 (UTC)
	(envelope-from woodsb02@freebsd.org)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
	by mailauth.nyi.internal (Postfix) with ESMTP id B916C27C0054;
	Thu,  9 Feb 2023 17:23:27 -0500 (EST)
Received: from imap46 ([10.202.2.96])
  by compute1.internal (MEProxy); Thu, 09 Feb 2023 17:23:27 -0500
X-ME-Sender: <xms:X3LlY8ey66BkEm5DePKksTEp42TrFj0xmJX5Nt4VsvZjf4S9Cyh_GQ>
    <xme:X3LlY-MEZPD7bPm-g3gfY2CyywDDhIJOcDC0vKcbuVOcEAI6JTWHZRm0wXT39UPdV
    NExpwbrHVOLWWobYF0>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrudehfedgudehkecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
    necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd
    enucfjughrpefofgggkfgjfhffhffvvefutgfgsehtqhertderreejnecuhfhrohhmpedf
    uegvnhcuhghoohgushdfuceofihoohgushgstddvsehfrhgvvggsshgurdhorhhgqeenuc
    ggtffrrghtthgvrhhnpeelfedtudeigefgiedvgfehffdtgfeiieduvdeiheevjeffhffg
    ueegieetgfehfeenucffohhmrghinhepfhhrvggvsghsugdrohhrghenucevlhhushhtvg
    hrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegsvghnodhmvghsmhhtphgr
    uhhthhhpvghrshhonhgrlhhithihqddutdelfeeiiedvkeekqddvgeejkedvvdektddqfi
    hoohgushgstddvpeepfhhrvggvsghsugdrohhrghesfihoohgushdrrghm
X-ME-Proxy: <xmx:X3LlY9henok2nYp41ov_dudMY0dBHlCvIN71W3N7gEgQGJKXU5AYyw>
    <xmx:X3LlYx_ep-V7Qua9HI40ioyL6ZMqxcBPlGfWHRQ-GFwbT2g9eUSL4w>
    <xmx:X3LlY4sx4XwdbLtaldhWYr02D2Y7_1aCZgS1kQ1oq4bVCIO8Wvef9Q>
    <xmx:X3LlY6IWotuH2obuXH2W1p5-jSdfRgySDXB4AsAsyz3os8D8YQwekQ>
Feedback-ID: if9c9472a:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501)
	id 6B1402A20085; Thu,  9 Feb 2023 17:23:27 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.9.0-alpha0-156-g081acc5ed5-fm-20230206.001-g081acc5e
List-Id: Security issues <freebsd-security.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-security
List-Help: <mailto:freebsd-security+help@freebsd.org>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Subscribe: <mailto:freebsd-security+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-security+unsubscribe@freebsd.org>
Sender: owner-freebsd-security@freebsd.org
X-BeenThere: freebsd-security@freebsd.org
Mime-Version: 1.0
Message-Id: <b2994552-139d-4b11-b459-2d1fa087f183@app.fastmail.com>
In-Reply-To: <20230208190833.283D087C3@freefall.freebsd.org>
References: <20230208190833.283D087C3@freefall.freebsd.org>
Date: Fri, 10 Feb 2023 06:23:05 +0800
From: "Ben Woods" <woodsb02@freebsd.org>
To: freebsd-security@freebsd.org
Cc: "Nathan Dorfman" <ndorf@rtfm.net>,
 "Mariusz Zaborski" <oshogbo@FreeBSD.org>,
 "Gordon Tetlow" <gordon@FreeBSD.org>, "Philip Paeps" <philip@freebsd.org>,
 "Alan Somers" <asomers@freebsd.org>, "Maksym Sobolyev" <sobomax@freebsd.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-ThisMailContainsUnwantedMimeParts: N

On Thu, 9 Feb 2023, at 3:08 AM, FreeBSD Security Advisories wrote:
> FreeBSD-SA-23:01.geli                                       Security A=
dvisory
>                                                           The FreeBSD =
Project
>
> Topic:          GELI silently omits the keyfile if read from stdin

Good morning,

I was scrolling through my emails yesterday and spat my coffee out when =
I read this one. I just wanted to put my hand up and say I believe this =
issue originates from my code, when I added the =E2=80=9Cgeli init multi=
ple providers=E2=80=9D feature in 2018 just prior to the FreeBSD-12 rele=
ase.

https://reviews.freebsd.org/D16115
https://reviews.freebsd.org/D17096

Apologies to anyone affected, and thank you to Nathan for reporting it, =
Marius, Gordon and Philip for fixing it, and anyone else on the security=
 team for investigating/communicating the issue.

I=E2=80=99ll spend some time to review the fix to fully understand where=
 I went wrong. I was also wondering why it wasn=E2=80=99t revealed by my=
 testing at the time=E2=80=A6. And then I realised this would not be vis=
ible to the user as they would still enter their user key to successfull=
y add the device with a null master key. Slaps forehead.

I never got around to adding unit tests for init/attach multiple provide=
rs as was requested by Alan Somers at the time (sorry), but I suspect ev=
en if I had they would have passed because I wouldn=E2=80=99t have thoug=
ht to test for this scenario.

Regards,
Ben

--=20
From: Ben Woods
woodsb02@freebsd.org