luks: Sanity check master key and slot iterations

These should never be zero.  We should probably limit them too, but
that can be done at a future time.

Thanks: Daniel P. Berrangé
Updates: commit 468919d

Author: rwmjones

filters/luks/luks-encryption.c

@@ -744,6 +744,12 @@ load_header (nbdkit_next *next, const char *passphrase)
     return NULL;
   }
 
+  if (h->phdr.master_key_digest_iterations == 0) {
+    nbdkit_error ("bad LUKSv1 header: master key iterations is 0");
+    free (h);
+    return NULL;
+  }
+
   /* We derive several allocations from master_key_len so make sure
    * it's not insane.
    */
@@ -769,6 +775,11 @@ load_header (nbdkit_next *next, const char *passphrase)
         free (h);
         return NULL;
       }
+      if (ks->password_iterations == 0) {
+        nbdkit_error ("bad LUKSv1 header: key slot %zu iterations is 0", i);
+        free (h);
+        return NULL;
+      }
       start = ks->key_material_offset;
       len = key_material_length_in_sectors (h, i);
       if (len > 4096) /* bound it at something reasonable */ {