Doug / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit f151cd2c54ddc7714e2f740681350476cda03a28

Authored by Ramon de Carvalho Valle
Committed by Linus Torvalds
1 parent 6352a29305
Exists in master and in 7 other branches imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-l5.0.0_1.0.0-ga

eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size 

The parse_tag_3_packet function does not check if the tag 3 packet contains a
encrypted key size larger than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES.

Signed-off-by: Ramon de Carvalho Valle <ramon@risesecurity.org>
[tyhicks@linux.vnet.ibm.com: Added printk newline and changed goto to out_free]
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Cc: stable@kernel.org (2.6.27 and 30)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Showing 1 changed file with 7 additions and 0 deletions Side-by-side Diff

fs/ecryptfs/keystore.c
Diff comments   View file @ f151cd2
... ... @@ -1303,6 +1303,13 @@
1303 1303 }
1304 1304 (*new_auth_tok)->session_key.encrypted_key_size =
1305 1305 (body_size - (ECRYPTFS_SALT_SIZE + 5));
  1306 + if ((*new_auth_tok)->session_key.encrypted_key_size
  1307 + > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
  1308 + printk(KERN_WARNING "Tag 3 packet contains key larger "
  1309 + "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
  1310 + rc = -EINVAL;
  1311 + goto out_free;
  1312 + }
1306 1313 if (unlikely(data[(*packet_size)++] != 0x04)) {
1307 1314 printk(KERN_WARNING "Unknown version number [%d]\n",
1308 1315 data[(*packet_size) - 1]);