• Colin Ian King's avatar
    eCryptfs: ensure copy to crypt_stat->cipher does not overrun · 2a559a8b
    Colin Ian King authored
    The patch 237fead6: "[PATCH] ecryptfs: fs/Makefile and
    fs/Kconfig" from Oct 4, 2006, leads to the following static checker
    warning:
    
      fs/ecryptfs/crypto.c:846 ecryptfs_new_file_context()
      error: off-by-one overflow 'crypt_stat->cipher' size 32.  rl = '0-32'
    
    There is a mismatch between the size of ecryptfs_crypt_stat.cipher
    and ecryptfs_mount_crypt_stat.global_default_cipher_name causing the
    copy of the cipher name to cause a off-by-one string copy error. This
    fix ensures the space reserved for this string is the same size including
    the trailing zero at the end throughout ecryptfs.
    
    This fix avoids increasing the size of ecryptfs_crypt_stat.cipher
    and also ecryptfs_parse_tag_70_packet_silly_stack.cipher_string and instead
    reduces the of ECRYPTFS_MAX_CIPHER_NAME_SIZE to 31 and includes the + 1 for
    the end of string terminator.
    
    NOTE: An overflow is not possible in practice since the value copied
    into global_default_cipher_name is validated by
    ecryptfs_code_for_cipher_string() at mount time. None of the allowed
    cipher strings are long enough to cause the potential buffer overflow
    fixed by this patch.
    Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
    Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
    [tyhicks: Added the NOTE about the overflow not being triggerable]
    Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
    2a559a8b
main.c 25.4 KB