From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932258AbcH1GQ7 (ORCPT ); Sun, 28 Aug 2016 02:16:59 -0400 Received: from mail.kernel.org ([198.145.29.136]:40166 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751308AbcH1GQ6 (ORCPT ); Sun, 28 Aug 2016 02:16:58 -0400 Subject: Re: [PATCH] fscrypto: fix to null-terminate encrypted filename in fname_encrypt To: "Theodore Ts'o" , jaegeuk@kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, Chao Yu References: <1472346808-3213-1-git-send-email-chao@kernel.org> <20160828051330.7kyhhvvxitghshi7@thunk.org> From: Chao Yu Message-ID: <4a1a7233-a8f5-873a-2895-a259dc0cf717@kernel.org> Date: Sun, 28 Aug 2016 14:16:03 +0800 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <20160828051330.7kyhhvvxitghshi7@thunk.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Ted, On 2016/8/28 13:13, Theodore Ts'o wrote: > On Sun, Aug 28, 2016 at 09:13:28AM +0800, Chao Yu wrote: >> From: Chao Yu >> >> This patch fixes to add null character at the end of encrypted filename >> in fname_encrypt, in order to avoid incorrectly traversing random data >> located after target filename. The call stack is as below: >> >> - f2fs_add_link >> - __f2fs_add_link >> - fscrypt_setup_filename >> - fscrypt_fname_alloc_buffer allocate buffer for @fname >> - fname_encrypt didn't set null character for @fname >> - f2fs_add_regular_entry init qstr with @fname >> - init_inode_metadata >> - f2fs_init_security >> - security_inode_init_security >> - selinux_inode_init_security >> - selinux_determine_inode_label >> - security_transition_sid >> - security_compute_sid >> - filename_compute_type >> - hashtab_search >> - filenametr_hash traverse @fname as one which has null character > > The problem is not in fname_encrypt(), but rather that > security_inode_init_security() should be given the _unencrypted_ > filename. > > In ext4 security_inode_init_security() is called with the qstr from > the dentry, not the encrypted qstr --- in fact we call > security_inode_init_security before we call fname_encrypt. > > SELinux needs the unencrypted filename in order to decide which > SELinux rules / labels should apply. You're right, I missed this mistake. So actually, this is a bug of f2fs. Let me figure out the fixing patch. Thanks for your review! :) Thanks, > > - Ted >