linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 01/06] ecryptfs: Validate minimum header extent size
@ 2006-06-26 23:46 Stephan Müller
  2006-06-27 16:17 ` Michael Halcrow
  0 siblings, 1 reply; 2+ messages in thread
From: Stephan Müller @ 2006-06-26 23:46 UTC (permalink / raw)
  To: linux-kernel, akpm; +Cc: Michael Halcrow

Kernel version: 2.6.17-mm1

The encrypted file ecryptfs maintains has in the first page meta data that 
is needed for ecryptfs operation. As the encrypted file is untrusted, 
every bit read of that file must be validated.

The patch ensures that crypt_stat->num_header_extents_at_front is checked 
for improper values.

Signed-off-by: Stephan Mueller <smueller@chronox.de>

---

 fs/ecryptfs/crypto.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

1d76f6b4a787047ca354c8385614b0d549db6bc8
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 427f470..91b350e 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1333,7 +1333,8 @@ static int parse_header_metadata(struct 
 	crypt_stat->num_header_extents_at_front =
 		(int)num_header_extents_at_front;
 	(*bytes_read) = 6;
-	if (crypt_stat->header_extent_size
+	if ((crypt_stat->header_extent_size
+	     * crypt_stat->num_header_extents_at_front)
 	    < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) {
 		rc = -EINVAL;
 		ecryptfs_printk(KERN_WARNING, "Invalid header extent size: "

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH 01/06] ecryptfs: Validate minimum header extent size
  2006-06-26 23:46 [PATCH 01/06] ecryptfs: Validate minimum header extent size Stephan Müller
@ 2006-06-27 16:17 ` Michael Halcrow
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Halcrow @ 2006-06-27 16:17 UTC (permalink / raw)
  To: akpm; +Cc: linux-kernel, Stephan M?ller

On Tue, Jun 27, 2006 at 01:46:27AM +0200, Stephan M?ller wrote:
> The encrypted file ecryptfs maintains has in the first page meta
> data that is needed for ecryptfs operation. As the encrypted file is
> untrusted, every bit read of that file must be validated.
> 
> The patch ensures that crypt_stat->num_header_extents_at_front is
> checked for improper values.

All of Stephan's patches in this set, with my fix on top of #3, look
good to me.

Mike

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-06-27 16:18 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-06-26 23:46 [PATCH 01/06] ecryptfs: Validate minimum header extent size Stephan Müller
2006-06-27 16:17 ` Michael Halcrow

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).