Re: [PATCH 03/06] ecryptfs: Validate packet length prior to parsing, add comments
From: Michael Halcrow
Date: Tue Jun 27 2006 - 12:13:57 EST
On Tue, Jun 27, 2006 at 01:47:41AM +0200, Stephan M?ller wrote:
> @@ -180,19 +180,27 @@ parse_tag_3_packet(struct ecryptfs_crypt
> struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
> int length_size;
>
> + /* we check that:
> + * one byte for the Tag 3 ID flag
> + * two bytes for the body size
> + * do not exceed the maximum_packet_size
> + */
> + if (unlikely((*packet_size) + 3 > max_packet_size)) {
> + ecryptfs_printk(KERN_ERR, "Packet size exceeds max\n");
> + rc = -EINVAL;
> + goto out;
> + }
> +
> (*packet_size) = 0;
We need this fix on top of this patch.
---
Set the packet size to 0 prior to any parse calls.
Signed-off-by: Michael Halcrow <mhalcrow@xxxxxxxxxx>
---
fs/ecryptfs/keystore.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
ae120bff8aba7b5368107f668fffb5279379fba0
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index a91b8b4..791fb3b 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -191,7 +191,6 @@ parse_tag_3_packet(struct ecryptfs_crypt
goto out;
}
- (*packet_size) = 0;
(*new_auth_tok) = NULL;
/* check for Tag 3 identifyer - one byte */
@@ -585,7 +584,7 @@ int ecryptfs_parse_packet_set(struct ecr
&ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
struct ecryptfs_auth_tok *candidate_auth_tok = NULL;
- int packet_size;
+ int packet_size = 0;
struct ecryptfs_auth_tok *new_auth_tok;
unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
int tag_11_contents_size;
--
1.3.3
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/