From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755194AbcH1BPo (ORCPT ); Sat, 27 Aug 2016 21:15:44 -0400 Received: from mail.kernel.org ([198.145.29.136]:34700 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753892AbcH1BPn (ORCPT ); Sat, 27 Aug 2016 21:15:43 -0400 From: Chao Yu To: tytso@mit.edu, jaegeuk@kernel.org Cc: linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Yu Subject: [PATCH] fscrypto: fix to null-terminate encrypted filename in fname_encrypt Date: Sun, 28 Aug 2016 09:13:28 +0800 Message-Id: <1472346808-3213-1-git-send-email-chao@kernel.org> X-Mailer: git-send-email 2.7.2 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Chao Yu This patch fixes to add null character at the end of encrypted filename in fname_encrypt, in order to avoid incorrectly traversing random data located after target filename. The call stack is as below: - f2fs_add_link - __f2fs_add_link - fscrypt_setup_filename - fscrypt_fname_alloc_buffer allocate buffer for @fname - fname_encrypt didn't set null character for @fname - f2fs_add_regular_entry init qstr with @fname - init_inode_metadata - f2fs_init_security - security_inode_init_security - selinux_inode_init_security - selinux_determine_inode_label - security_transition_sid - security_compute_sid - filename_compute_type - hashtab_search - filenametr_hash traverse @fname as one which has null character Signed-off-by: Chao Yu --- fs/crypto/fname.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c index 5d6d491..5c356c0 100644 --- a/fs/crypto/fname.c +++ b/fs/crypto/fname.c @@ -110,6 +110,7 @@ static int fname_encrypt(struct inode *inode, "%s: Error (error code %d)\n", __func__, res); oname->len = ciphertext_len; + oname->name[oname->len] = 0; return res; } -- 2.7.2