[PATCH 01/06] ecryptfs: Validate minimum header extent size

Kernel version: 2.6.17-mm1

The encrypted file ecryptfs maintains has in the first page meta data that 
is needed for ecryptfs operation. As the encrypted file is untrusted, 
every bit read of that file must be validated.

The patch ensures that crypt_stat->num_header_extents_at_front is checked 
for improper values.

Signed-off-by: Stephan Mueller <[email protected]>

---

 fs/ecryptfs/crypto.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

1d76f6b4a787047ca354c8385614b0d549db6bc8
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 427f470..91b350e 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1333,7 +1333,8 @@ static int parse_header_metadata(struct 
 	crypt_stat->num_header_extents_at_front =
 		(int)num_header_extents_at_front;
 	(*bytes_read) = 6;
-	if (crypt_stat->header_extent_size
+	if ((crypt_stat->header_extent_size
+	     * crypt_stat->num_header_extents_at_front)
 	    < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) {
 		rc = -EINVAL;
 		ecryptfs_printk(KERN_WARNING, "Invalid header extent size: "
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [PATCH 01/06] ecryptfs: Validate minimum header extent size
  - From: Michael Halcrow <[email protected]>

Prev by Date: [Suspend2][ 11/16] [Suspend2] General proc entries for suspend.
Next by Date: [PATCH 02/06] ecryptfs: Validate body size
Previous by thread: [Suspend2][ 00/16] Suspend.c
Next by thread: Re: [PATCH 01/06] ecryptfs: Validate minimum header extent size
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]