The patch titled

     ecryptfs: Change the maximum size check when writing header

has been added to the -mm tree.  Its filename is

     ecryptfs-change-the-maximum-size-check-when-writing-header.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: ecryptfs: Change the maximum size check when writing header
From: Stephan Mueller <smueller@xxxxxxxxxx>

When generating an encrypted file, the first page contains the header
information. ecryptfs allocates one page to be filled with the meta
information. ecryptfs_write_headers_virt() writes the header into the page.
The code in this function up to the call of
ecryptfs_generate_key_packet_set() already writes some bytes into the page
and moves the pointer forward accordingly.

This patch now tells ecryptfs_generate_key_packet_set() exactly how many
bytes it is allowed to write. Prior to that, the function would allow
PAGE_MAX_SIZE to be written which is longer than the allocated space
(remember, some bytes are already filled).

This problem does not really materialize in the current code as
ecryptfs_generate_key_packet_set() only writes a Tag 3 and Tag 11 with less
than 100 bytes. But this fix ensures that when development continues, nobody
stumbles over the problem without being warned.

Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>
Acked-by: Michael Halcrow <mhalcrow@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 fs/ecryptfs/crypto.c | 3 ++-
 fs/ecryptfs/ecryptfs_kernel.h | 3 ++-
 fs/ecryptfs/keystore.c | 15 +++++++++++----
 3 files changed, 15 insertions(+), 6 deletions(-)

diff -puN fs/ecryptfs/crypto.c~ecryptfs-change-the-maximum-size-check-when-writing-header fs/ecryptfs/crypto.c --- 25/fs/ecryptfs/crypto.c~ecryptfs-change-the-maximum-size-check-when-writing-header Tue Jun 27 15:09:43 2006 +++ 25-akpm/fs/ecryptfs/crypto.c Tue Jun 27 15:09:43 2006 
@@ -1223,7 +1223,8 @@ int ecryptfs_write_headers_virt(char *pa write_header_metadata((page_virt + offset), crypt_stat, &written); offset += written; rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat, - ecryptfs_dentry, &written); + ecryptfs_dentry, &written, + PAGE_CACHE_SIZE - offset); if (rc) ecryptfs_printk(KERN_WARNING, "Error generating key packet " "set; rc = [%d]\n", rc); diff -puN fs/ecryptfs/ecryptfs_kernel.h~ecryptfs-change-the-maximum-size-check-when-writing-header fs/ecryptfs/ecryptfs_kernel.h --- 25/fs/ecryptfs/ecryptfs_kernel.h~ecryptfs-change-the-maximum-size-check-when-writing-header Tue Jun 27 15:09:43 2006 +++ 25-akpm/fs/ecryptfs/ecryptfs_kernel.h Tue Jun 27 15:09:43 2006 @@ -466,7 +466,8 @@ int ecryptfs_cipher_code_to_string(char void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat); int ecryptfs_generate_key_packet_set(char *dest_base, struct ecryptfs_crypt_stat *crypt_stat, - struct dentry *ecryptfs_dentry, int *len); + struct dentry *ecryptfs_dentry, int *len, + int max); int process_request_key_err(long err_code); int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, diff -puN fs/ecryptfs/keystore.c~ecryptfs-change-the-maximum-size-check-when-writing-header fs/ecryptfs/keystore.c --- 25/fs/ecryptfs/keystore.c~ecryptfs-change-the-maximum-size-check-when-writing-header Tue Jun 27 15:09:43 2006 +++ 25-akpm/fs/ecryptfs/keystore.c Tue Jun 27 15:09:43 2006 @@ -982,6 +982,7 @@ out: * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat * for the global parameters * @len: The amount written + * @max: The maximum amount of data allowed to be written * * Generates a key packet set and writes it to the virtual address * passed in. 
@@ -991,7 +992,8 @@ out: int ecryptfs_generate_key_packet_set(char *dest_base, struct ecryptfs_crypt_stat *crypt_stat, - struct dentry *ecryptfs_dentry, int *len) + struct dentry *ecryptfs_dentry, int *len, + int max) { int rc = 0; struct ecryptfs_auth_tok *auth_tok; @@ -1006,7 +1008,7 @@ ecryptfs_generate_key_packet_set(char *d auth_tok = mount_crypt_stat->global_auth_tok; if (ECRYPTFS_CHECK_FLAG(auth_tok->flags, ECRYPTFS_PASSWORD)) { rc = write_tag_3_packet((dest_base + (*len)), - PAGE_CACHE_SIZE, auth_tok, + max, auth_tok, crypt_stat, &key_rec, &written); if (rc) { @@ -1018,7 +1020,7 @@ ecryptfs_generate_key_packet_set(char *d /* Write auth tok signature packet */ rc = write_tag_11_packet( (dest_base + (*len)), - (PAGE_CACHE_SIZE - (*len)), + (max - (*len)), key_rec.sig, ECRYPTFS_SIG_SIZE, &written); if (rc) { ecryptfs_printk(KERN_ERR, "Error writing " @@ -1042,7 +1044,12 @@ ecryptfs_generate_key_packet_set(char *d } } else BUG(); - dest_base[(*len)] = 0x00; + if (likely((max - (*len)) > 0)) { + dest_base[(*len)] = 0x00; + } else { + ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n"); + rc = -EIO; + } out: if (rc) (*len) = 0; _ Patches currently in -mm which might be from smueller@xxxxxxxxxx are ecryptfs-validate-minimum-header-extent-size.patch ecryptfs-validate-body-size.patch ecryptfs-validate-packet-length-prior-to-parsing-add-comments.patch ecryptfs-validate-packet-length-prior-to-parsing-add-comments-fix.patch ecryptfs-use-the-passed-in-max-value-as-the-upper-bound.patch ecryptfs-change-the-maximum-size-check-when-writing-header.patch ecryptfs-print-the-actual-option-that-is-problematic.patch
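
Review bot: in the fs/ecryptfs/crypto.c hunk, the new argument `PAGE_CACHE_SIZE - offset` is computed without first checking that `offset` is still below PAGE_CACHE_SIZE, and the result is passed as a signed `int max`. If the header writers that run before this call ever advance `offset` to or past the page size, `max` arrives as zero or negative and every bound derived from it in ecryptfs_generate_key_packet_set() is only as safe as the callees' handling of a non-positive size. Validate `offset` against PAGE_CACHE_SIZE before the call and fail early, and reject `max <= 0` at the top of the callee. The visible context here only logs a KERN_WARNING when `rc` is set, so it is also worth confirming that the error is propagated rather than just printed.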
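
Review bot: the kernel-doc line added in the first fs/ecryptfs/keystore.c hunk, `@max: The maximum amount of data allowed to be written`, states neither the unit nor whether the trailing 0x00 boundary byte counts against the budget. The last hunk treats the byte as counted, since it is written only when `(max - (*len)) > 0`, so the comment should say that `max` is the number of bytes available at `dest_base`, including the boundary byte.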
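
Review bot: in the fs/ecryptfs/keystore.c hunk at `@@ -1006,7 +1008,7 @@`, write_tag_3_packet() is given `max` as its size limit while it writes at `dest_base + (*len)`, whereas the write_tag_11_packet() call in the next hunk is given `(max - (*len))` for a destination computed the same way. If `*len` is nonzero when the tag 3 packet is written, the limit overstates the remaining space by `*len` bytes. The removed lines show the same asymmetry with PAGE_CACHE_SIZE, so this is carried over rather than new, but the patch is the right place to fix it: pass `max - (*len)` in both calls.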
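
Review bot: in the last fs/ecryptfs/keystore.c hunk, the no-room case for the boundary byte returns -EIO and logs "Error writing boundary byte", which reads like a device failure and gives no sizes to debug with. Log `max` and `*len` in the message and consider an error code that says the buffer was too small. Also note that by the time this check fails the tag 3 and tag 11 packets are already in the page, and `out:` only resets `*len` to 0, so the caller has to treat the page contents as invalid whenever `rc` is nonzero.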