From: Tyler Hicks <tyhicks@canonical.com>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org, ecryptfs@vger.kernel.org
Subject: Re: [PATCH] ecryptfs: avoid ctx initialization race
Date: Fri, 6 Sep 2013 17:30:00 -0700 [thread overview]
Message-ID: <20130907002959.GN3853@boyd> (raw)
In-Reply-To: <20130813220227.GA20160@www.outflux.net>
[-- Attachment #1: Type: text/plain, Size: 2012 bytes --]
On 2013-08-13 15:02:27, Kees Cook wrote:
> It might be possible for two callers to race the mutex lock after the
> NULL ctx check. Instead, move the lock above the check so there isn't
> the possibility of leaking a crypto ctx. Additionally, report the full
> algo name when failing.
>
> Signed-off-by: Kees Cook <keescook@chromium.org>
Thanks, Kees!
I've pushed this to my next branch and it'll be included in a pull
request early next week.
I made one small change to this patch. See below.
> ---
> fs/ecryptfs/crypto.c | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
> index d107576..c134346 100644
> --- a/fs/ecryptfs/crypto.c
> +++ b/fs/ecryptfs/crypto.c
> @@ -618,27 +618,28 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
> "key_size_bits = [%zd]\n",
> crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
> crypt_stat->key_size << 3);
> + mutex_lock(&crypt_stat->cs_tfm_mutex);
> if (crypt_stat->tfm) {
> rc = 0;
> - goto out;
> + goto out_unlock;
> }
> - mutex_lock(&crypt_stat->cs_tfm_mutex);
> rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
> crypt_stat->cipher, "cbc");
> if (rc)
> goto out_unlock;
> crypt_stat->tfm = crypto_alloc_ablkcipher(full_alg_name, 0, 0);
> - kfree(full_alg_name);
> if (IS_ERR(crypt_stat->tfm)) {
> rc = PTR_ERR(crypt_stat->tfm);
> crypt_stat->tfm = NULL;
> ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
> "Error initializing cipher [%s]\n",
> - crypt_stat->cipher);
> - goto out_unlock;
> + full_alg_name);
> + goto out_free;
> }
> crypto_ablkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY);
> rc = 0;
> +out_free:
> + kfree(full_alg_name);
> out_unlock:
> mutex_unlock(&crypt_stat->cs_tfm_mutex);
> out:
The out label is no longer used. I removed it when I committed this
patch.
Tyler
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
next prev parent reply other threads:[~2013-09-07 0:30 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-13 22:02 [PATCH] ecryptfs: avoid ctx initialization race Kees Cook
2013-09-07 0:30 ` Tyler Hicks [this message]
2013-09-07 0:46 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130907002959.GN3853@boyd \
--to=tyhicks@canonical.com \
--cc=ecryptfs@vger.kernel.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox