* [PATCH] ecryptfs: keystore: Fix a buffer overrun in write_tag_66_packet()
@ 2023-06-30 9:11 Yiyuan Guo
0 siblings, 0 replies; only message in thread
From: Yiyuan Guo @ 2023-06-30 9:11 UTC (permalink / raw)
To: code; +Cc: viro, brauner, ecryptfs, linux-kernel, yguoaz
The encrypted key of a TAG 66 Packet includes 1 byte cipher code and 2
byte checksum, but the allocation size `data_len` ignores the extra 3
bytes. Fix the allocation size to avoid buffer overrun.
Signed-off-by: Yiyuan Guo <yguoaz@gmail.com>
---
fs/ecryptfs/keystore.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 2452d6fd7062..5cab0b800a03 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -302,7 +302,7 @@ write_tag_66_packet(char *signature, u8 cipher_code,
* | File Encryption Key Size | 1 or 2 bytes |
* | File Encryption Key | arbitrary |
*/
- data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
+ data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size + 3);
*packet = kmalloc(data_len, GFP_KERNEL);
message = *packet;
if (!message) {
--
2.25.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2023-06-30 9:12 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-06-30 9:11 [PATCH] ecryptfs: keystore: Fix a buffer overrun in write_tag_66_packet() Yiyuan Guo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox