Commit 298647e31af52e795867a399fa049cebd88067ff
Exists in
ti-lsk-linux-4.1.y
and in
10 other branches
Merge tag 'ecryptfs-3.19-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel…
…/git/tyhicks/ecryptfs Pull eCryptfs fixes from Tyler Hicks: "Fixes for filename decryption and encrypted view plus a cleanup - The filename decryption routines were, at times, writing a zero byte one character past the end of the filename buffer - The encrypted view feature attempted, and failed, to roll its own form of enforcing a read-only mount instead of letting the VFS enforce it" * tag 'ecryptfs-3.19-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs: eCryptfs: Remove buggy and unnecessary write in file name decode routine eCryptfs: Remove unnecessary casts when parsing packet lengths eCryptfs: Force RO mount when encrypted view is enabled
Showing 4 changed files Side-by-side Diff
fs/ecryptfs/crypto.c
fs/ecryptfs/file.c
... | ... | @@ -190,23 +190,11 @@ |
190 | 190 | { |
191 | 191 | int rc = 0; |
192 | 192 | struct ecryptfs_crypt_stat *crypt_stat = NULL; |
193 | - struct ecryptfs_mount_crypt_stat *mount_crypt_stat; | |
194 | 193 | struct dentry *ecryptfs_dentry = file->f_path.dentry; |
195 | 194 | /* Private value of ecryptfs_dentry allocated in |
196 | 195 | * ecryptfs_lookup() */ |
197 | 196 | struct ecryptfs_file_info *file_info; |
198 | 197 | |
199 | - mount_crypt_stat = &ecryptfs_superblock_to_private( | |
200 | - ecryptfs_dentry->d_sb)->mount_crypt_stat; | |
201 | - if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) | |
202 | - && ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR) | |
203 | - || (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC) | |
204 | - || (file->f_flags & O_APPEND))) { | |
205 | - printk(KERN_WARNING "Mount has encrypted view enabled; " | |
206 | - "files may only be read\n"); | |
207 | - rc = -EPERM; | |
208 | - goto out; | |
209 | - } | |
210 | 198 | /* Released in ecryptfs_release or end of function if failure */ |
211 | 199 | file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL); |
212 | 200 | ecryptfs_set_file_private(file, file_info); |
fs/ecryptfs/keystore.c
... | ... | @@ -100,12 +100,12 @@ |
100 | 100 | (*size) = 0; |
101 | 101 | if (data[0] < 192) { |
102 | 102 | /* One-byte length */ |
103 | - (*size) = (unsigned char)data[0]; | |
103 | + (*size) = data[0]; | |
104 | 104 | (*length_size) = 1; |
105 | 105 | } else if (data[0] < 224) { |
106 | 106 | /* Two-byte length */ |
107 | - (*size) = (((unsigned char)(data[0]) - 192) * 256); | |
108 | - (*size) += ((unsigned char)(data[1]) + 192); | |
107 | + (*size) = (data[0] - 192) * 256; | |
108 | + (*size) += data[1] + 192; | |
109 | 109 | (*length_size) = 2; |
110 | 110 | } else if (data[0] == 255) { |
111 | 111 | /* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */ |
fs/ecryptfs/main.c
... | ... | @@ -493,6 +493,7 @@ |
493 | 493 | { |
494 | 494 | struct super_block *s; |
495 | 495 | struct ecryptfs_sb_info *sbi; |
496 | + struct ecryptfs_mount_crypt_stat *mount_crypt_stat; | |
496 | 497 | struct ecryptfs_dentry_info *root_info; |
497 | 498 | const char *err = "Getting sb failed"; |
498 | 499 | struct inode *inode; |
... | ... | @@ -511,6 +512,7 @@ |
511 | 512 | err = "Error parsing options"; |
512 | 513 | goto out; |
513 | 514 | } |
515 | + mount_crypt_stat = &sbi->mount_crypt_stat; | |
514 | 516 | |
515 | 517 | s = sget(fs_type, NULL, set_anon_super, flags, NULL); |
516 | 518 | if (IS_ERR(s)) { |
517 | 519 | |
... | ... | @@ -557,11 +559,19 @@ |
557 | 559 | |
558 | 560 | /** |
559 | 561 | * Set the POSIX ACL flag based on whether they're enabled in the lower |
560 | - * mount. Force a read-only eCryptfs mount if the lower mount is ro. | |
561 | - * Allow a ro eCryptfs mount even when the lower mount is rw. | |
562 | + * mount. | |
562 | 563 | */ |
563 | 564 | s->s_flags = flags & ~MS_POSIXACL; |
564 | - s->s_flags |= path.dentry->d_sb->s_flags & (MS_RDONLY | MS_POSIXACL); | |
565 | + s->s_flags |= path.dentry->d_sb->s_flags & MS_POSIXACL; | |
566 | + | |
567 | + /** | |
568 | + * Force a read-only eCryptfs mount when: | |
569 | + * 1) The lower mount is ro | |
570 | + * 2) The ecryptfs_encrypted_view mount option is specified | |
571 | + */ | |
572 | + if (path.dentry->d_sb->s_flags & MS_RDONLY || | |
573 | + mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) | |
574 | + s->s_flags |= MS_RDONLY; | |
565 | 575 | |
566 | 576 | s->s_maxbytes = path.dentry->d_sb->s_maxbytes; |
567 | 577 | s->s_blocksize = path.dentry->d_sb->s_blocksize; |