+ ecryptfs-validate-minimum-header-extent-size.patch added to -mm tree

akpm@xxxxxxxx · Tue, 27 Jun 2006 15:09:32 -0700

The patch titled

     ecryptfs: Validate minimum header extent size

has been added to the -mm tree.  Its filename is

     ecryptfs-validate-minimum-header-extent-size.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: ecryptfs: Validate minimum header extent size
From: Stephan Mueller <smueller@xxxxxxxxxx>


The encrypted file ecryptfs maintains has in the first page meta data that is
needed for ecryptfs operation.  As the encrypted file is untrusted, every bit
read of that file must be validated.

The patch ensures that crypt_stat->num_header_extents_at_front is checked for
improper values.

Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>
Acked-by: Michael Halcrow <mhalcrow@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 fs/ecryptfs/crypto.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletion(-)

diff -puN fs/ecryptfs/crypto.c~ecryptfs-validate-minimum-header-extent-size fs/ecryptfs/crypto.c

--- 25/fs/ecryptfs/crypto.c~ecryptfs-validate-minimum-header-extent-size	Tue Jun 27 15:09:31 2006
+++ 25-akpm/fs/ecryptfs/crypto.c	Tue Jun 27 15:09:31 2006
@@ -1332,7 +1332,8 @@ static int parse_header_metadata(struct 
 	crypt_stat->num_header_extents_at_front =
 		(int)num_header_extents_at_front;
 	(*bytes_read) = 6;
-	if (crypt_stat->header_extent_size
+	if ((crypt_stat->header_extent_size
+	     * crypt_stat->num_header_extents_at_front)
 	    < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) {
 		rc = -EINVAL;
 		ecryptfs_printk(KERN_WARNING, "Invalid header extent size: "
_

Patches currently in -mm which might be from smueller@xxxxxxxxxx are

ecryptfs-validate-minimum-header-extent-size.patch
ecryptfs-validate-body-size.patch
ecryptfs-validate-packet-length-prior-to-parsing-add-comments.patch
ecryptfs-validate-packet-length-prior-to-parsing-add-comments-fix.patch
ecryptfs-use-the-passed-in-max-value-as-the-upper-bound.patch
ecryptfs-change-the-maximum-size-check-when-writing-header.patch
ecryptfs-print-the-actual-option-that-is-problematic.patch

-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




