2017-10-29 14:23:02 -04:00
|
|
|
From f2d130454e46c3989af1b4f882b6a666d24fa2e0 Mon Sep 17 00:00:00 2001
|
2017-10-29 01:48:53 -04:00
|
|
|
From: Michael Halcrow <mhalcrow@google.com>
|
|
|
|
Date: Wed, 26 Nov 2014 09:09:16 -0800
|
2017-10-29 14:23:02 -04:00
|
|
|
Subject: eCryptfs: Remove buggy and unnecessary write in file name decode
|
|
|
|
routine
|
|
|
|
|
|
|
|
commit 942080643bce061c3dd9d5718d3b745dcb39a8bc upstream.
|
2017-10-29 01:48:53 -04:00
|
|
|
|
|
|
|
Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the
|
|
|
|
end of the allocated buffer during encrypted filename decoding. This
|
|
|
|
fix corrects the issue by getting rid of the unnecessary 0 write when
|
|
|
|
the current bit offset is 2.
|
|
|
|
|
|
|
|
Signed-off-by: Michael Halcrow <mhalcrow@google.com>
|
|
|
|
Reported-by: Dmitry Chernenkov <dmitryc@google.com>
|
|
|
|
Suggested-by: Kees Cook <keescook@chromium.org>
|
|
|
|
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
|
2017-10-29 14:23:02 -04:00
|
|
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
2017-10-29 01:48:53 -04:00
|
|
|
---
|
|
|
|
fs/ecryptfs/crypto.c | 1 -
|
|
|
|
1 file changed, 1 deletion(-)
|
|
|
|
|
|
|
|
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
|
2017-10-29 14:23:02 -04:00
|
|
|
index 68b19ab..dceedec 100644
|
2017-10-29 01:48:53 -04:00
|
|
|
--- a/fs/ecryptfs/crypto.c
|
|
|
|
+++ b/fs/ecryptfs/crypto.c
|
2017-10-29 14:23:02 -04:00
|
|
|
@@ -2038,7 +2038,6 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
|
2017-10-29 01:48:53 -04:00
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
dst[dst_byte_offset++] |= (src_byte);
|
|
|
|
- dst[dst_byte_offset] = 0;
|
|
|
|
current_bit_offset = 0;
|
|
|
|
break;
|
|
|
|
}
|
2017-10-29 14:23:02 -04:00
|
|
|
--
|
|
|
|
cgit v1.1
|
|
|
|
|