Re: [RFC PATCH v3 14/16] ceph: add support to readdir for encrypted filenames

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 15, 2020 at 09:27:49AM -0400, Jeff Layton wrote:
> > > +	}
> > > +
> > > +	declen = fscrypt_base64_decode(name, len, tname->name);
> > > +	if (declen < 0 || declen > NAME_MAX) {
> > > +		ret = -EIO;
> > > +		goto out;
> > > +	}
> > 
> > declen <= 0, to cover the empty name case.
> > 
> > Also, is there a point in checking for > NAME_MAX?
> > 
> 
> IDK. We're getting these strings from the MDS and they could end up
> being corrupt if there are bugs there (or if the MDS is compromised). 
> Of course, if we get a name longer than NAME_MAX then we've overrun the
> buffer.
> 
> Maybe we should add a maxlen parameter to fscrypt_base64_encode/decode ?
> Or maybe I should just have fscrypt_fname_alloc_buffer allocate a buffer
> the same size as "len"? It might be a little larger than necessary, but
> that would be safer.

How about checking that the base64-encoded filename is <= BASE64_CHARS(NAME_MAX)
in length?  Then decoding it can't give more than NAME_MAX bytes.

fscrypt_setup_filename() does a similar check when decoding a no-key name.

- Eric



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux