Commit 94208064 authored by Michael Halcrow's avatar Michael Halcrow Committed by Tyler Hicks

eCryptfs: Remove buggy and unnecessary write in file name decode routine

Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the
end of the allocated buffer during encrypted filename decoding. This
fix corrects the issue by getting rid of the unnecessary 0 write when
the current bit offset is 2.
Signed-off-by: default avatarMichael Halcrow <mhalcrow@google.com>
Reported-by: default avatarDmitry Chernenkov <dmitryc@google.com>
Suggested-by: default avatarKees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org # v2.6.29+: 51ca58dc eCryptfs: Filename Encryption: Encoding and encryption functions
Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
parent 831115af
...@@ -1917,7 +1917,6 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size, ...@@ -1917,7 +1917,6 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
break; break;
case 2: case 2:
dst[dst_byte_offset++] |= (src_byte); dst[dst_byte_offset++] |= (src_byte);
dst[dst_byte_offset] = 0;
current_bit_offset = 0; current_bit_offset = 0;
break; break;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment