Commit f151cd2c authored by Ramon de Carvalho Valle's avatar Ramon de Carvalho Valle Committed by Linus Torvalds

eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size

The parse_tag_3_packet function does not check if the tag 3 packet contains a
encrypted key size larger than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES.
Signed-off-by: default avatarRamon de Carvalho Valle <ramon@risesecurity.org>
[tyhicks@linux.vnet.ibm.com: Added printk newline and changed goto to out_free]
Signed-off-by: default avatarTyler Hicks <tyhicks@linux.vnet.ibm.com>
Cc: stable@kernel.org (2.6.27 and 30)
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 6352a293
...@@ -1303,6 +1303,13 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, ...@@ -1303,6 +1303,13 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
} }
(*new_auth_tok)->session_key.encrypted_key_size = (*new_auth_tok)->session_key.encrypted_key_size =
(body_size - (ECRYPTFS_SALT_SIZE + 5)); (body_size - (ECRYPTFS_SALT_SIZE + 5));
if ((*new_auth_tok)->session_key.encrypted_key_size
> ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
printk(KERN_WARNING "Tag 3 packet contains key larger "
"than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
rc = -EINVAL;
goto out_free;
}
if (unlikely(data[(*packet_size)++] != 0x04)) { if (unlikely(data[(*packet_size)++] != 0x04)) {
printk(KERN_WARNING "Unknown version number [%d]\n", printk(KERN_WARNING "Unknown version number [%d]\n",
data[(*packet_size) - 1]); data[(*packet_size) - 1]);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment