• Eric Sandeen's avatar
    ecryptfs: fix memory corruption when storing crypto info in xattrs · 87b811c3
    Eric Sandeen authored
    When ecryptfs allocates space to write crypto headers into, before copying
    it out to file headers or to xattrs, it looks at the value of
    crypt_stat->num_header_bytes_at_front to determine how much space it
    needs.  This is also used as the file offset to the actual encrypted data,
    so for xattr-stored crypto info, the value was zero.
    
    So, we kzalloc'd 0 bytes, and then ran off to write to that memory.
    (Which returned as ZERO_SIZE_PTR, so we explode quickly).
    
    The right answer is to always allocate a page to write into; the current
    code won't ever write more than that (this is enforced by the
    (PAGE_CACHE_SIZE - offset) length in the call to
    ecryptfs_generate_key_packet_set).  To be explicit about this, we now send
    in a "max" parameter, rather than magically using PAGE_CACHE_SIZE there.
    
    Also, since the pointer we pass down the callchain eventually gets the
    virt_to_page() treatment, we should be using a alloc_page variant, not
    kzalloc (see also 7fcba054)
    Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
    Acked-by: default avatarMichael Halcrow <mhalcrow@us.ibm.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    87b811c3
Name
Last commit
Last update
..
Makefile Loading commit data...
crypto.c Loading commit data...
debug.c Loading commit data...
dentry.c Loading commit data...
ecryptfs_kernel.h Loading commit data...
file.c Loading commit data...
inode.c Loading commit data...
keystore.c Loading commit data...
kthread.c Loading commit data...
main.c Loading commit data...
messaging.c Loading commit data...
miscdev.c Loading commit data...
mmap.c Loading commit data...
read_write.c Loading commit data...
super.c Loading commit data...