tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size

The parse_tag_3_packet function does not check if the tag 3 packet contains a
encrypted key size larger than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES.

Signed-off-by: Ramon de Carvalho Valle <ramon@risesecurity.org>
[tyhicks@linux.vnet.ibm.com: Added printk newline and changed goto to out_free]
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Cc: stable@kernel.org (2.6.27 and 30)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by Ramon de Carvalho Valle and committed by Linus Torvalds f151cd2c 6352a293

+7
unified split
+7
fs/ecryptfs/keystore.c
··· 1303 1303 } 1304 1304 (*new_auth_tok)->session_key.encrypted_key_size = 1305 1305 (body_size - (ECRYPTFS_SALT_SIZE + 5)); 1306 + if ((*new_auth_tok)->session_key.encrypted_key_size 1307 + > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { 1308 + printk(KERN_WARNING "Tag 3 packet contains key larger " 1309 + "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n"); 1310 + rc = -EINVAL; 1311 + goto out_free; 1312 + } 1306 1313 if (unlikely(data[(*packet_size)++] != 0x04)) { 1307 1314 printk(KERN_WARNING "Unknown version number [%d]\n", 1308 1315 data[(*packet_size) - 1]);