android_kernel_samsung_sm8650/fs/ecryptfs
Colin Ian King 2a559a8bde eCryptfs: ensure copy to crypt_stat->cipher does not overrun
The patch 237fead619: "[PATCH] ecryptfs: fs/Makefile and
fs/Kconfig" from Oct 4, 2006, leads to the following static checker
warning:

  fs/ecryptfs/crypto.c:846 ecryptfs_new_file_context()
  error: off-by-one overflow 'crypt_stat->cipher' size 32.  rl = '0-32'

There is a mismatch between the size of ecryptfs_crypt_stat.cipher
and ecryptfs_mount_crypt_stat.global_default_cipher_name causing the
copy of the cipher name to cause an off-by-one string copy error. This
fix ensures the space reserved for this string is the same size including
the trailing zero at the end throughout ecryptfs.

This fix avoids increasing the size of ecryptfs_crypt_stat.cipher
and also ecryptfs_parse_tag_70_packet_silly_stack.cipher_string and instead
reduces the size of ECRYPTFS_MAX_CIPHER_NAME_SIZE to 31 and includes the + 1 for
the end of string terminator.

NOTE: An overflow is not possible in practice since the value copied
into global_default_cipher_name is validated by
ecryptfs_code_for_cipher_string() at mount time. None of the allowed
cipher strings are long enough to cause the potential buffer overflow
fixed by this patch.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
[tyhicks: Added the NOTE about the overflow not being triggerable]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
2015-02-24 19:23:28 -06:00
crypto.c Fixes for filename decryption and encrypted view plus a cleanup 2014-12-19 18:15:12 -08:00
debug.c eCryptfs: update comment and debug statement 2007-10-16 09:43:11 -07:00
dentry.c ecryptfs: ->lower_path.dentry is never NULL 2013-10-24 23:34:48 -04:00
ecryptfs_kernel.h eCryptfs: ensure copy to crypt_stat->cipher does not overrun 2015-02-24 19:23:28 -06:00
file.c VFS: (Scripted) Convert S_ISLNK/DIR/REG(dentry->d_inode) to d_is_*(dentry) 2015-02-22 11:38:41 -05:00
inode.c VFS: (Scripted) Convert S_ISLNK/DIR/REG(dentry->d_inode) to d_is_*(dentry) 2015-02-22 11:38:41 -05:00
Kconfig Minor code cleanups and new Kconfig option to disable /dev/ecryptfs 2013-03-07 12:47:24 -08:00
keystore.c eCryptfs: ensure copy to crypt_stat->cipher does not overrun 2015-02-24 19:23:28 -06:00
kthread.c eCryptfs: fix to use list_for_each_entry_safe() when delete items 2012-12-18 10:07:29 -06:00
main.c eCryptfs: ensure copy to crypt_stat->cipher does not overrun 2015-02-24 19:23:28 -06:00
Makefile eCryptfs: allow userspace messaging to be disabled 2013-03-03 23:59:59 -08:00
messaging.c fs/ecryptfs/messaging.c: remove null test before kfree 2014-07-03 16:38:09 -05:00
miscdev.c ecryptfs: close rmmod race 2013-04-09 14:08:16 -04:00
mmap.c kill f_dentry uses 2014-11-19 13:01:25 -05:00
read_write.c ecryptfs: don't open-code kernel_read() 2013-05-09 13:39:58 -04:00
super.c mm + fs: store shadow entries in page cache 2014-04-03 16:21:01 -07:00