Re: [PATCH 03/06] ecryptfs: Validate packet length prior to parsing, add comments

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Michael Halcrow <mhalcrow@us.ibm.com>
To: akpm@osdl.org
Cc: linux-kernel@vger.kernel.org, Stephan M?ller <smueller@chronox.de>
Subject: Re: [PATCH 03/06] ecryptfs: Validate packet length prior to parsing, add comments
Date: Tue, 27 Jun 2006 11:15:06 -0500	[thread overview]
Message-ID: <20060627161505.GC2795@us.ibm.com> (raw)
In-Reply-To: <200606270147.42167.smueller@chronox.de>

On Tue, Jun 27, 2006 at 01:47:41AM +0200, Stephan M?ller wrote:
> @@ -180,19 +180,27 @@ parse_tag_3_packet(struct ecryptfs_crypt
>  	struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
>  	int length_size;
>  
> +	/* we check that:
> +	 *   one byte for the Tag 3 ID flag
> +	 *   two bytes for the body size
> +	 * do not exceed the maximum_packet_size
> +	 */
> +	if (unlikely((*packet_size) + 3 > max_packet_size)) {
> +		ecryptfs_printk(KERN_ERR, "Packet size exceeds max\n");
> +		rc = -EINVAL;
> +		goto out;
> +	}
> +
>  	(*packet_size) = 0;

We need this fix on top of this patch.

---

Set the packet size to 0 prior to any parse calls.

Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>

---

 fs/ecryptfs/keystore.c |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

ae120bff8aba7b5368107f668fffb5279379fba0
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index a91b8b4..791fb3b 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -191,7 +191,6 @@ parse_tag_3_packet(struct ecryptfs_crypt
 		goto out;
 	}
 
-	(*packet_size) = 0;
 	(*new_auth_tok) = NULL;
 
 	/* check for Tag 3 identifyer - one byte */
@@ -585,7 +584,7 @@ int ecryptfs_parse_packet_set(struct ecr
 		&ecryptfs_superblock_to_private(
 			ecryptfs_dentry->d_sb)->mount_crypt_stat;
 	struct ecryptfs_auth_tok *candidate_auth_tok = NULL;
-	int packet_size;
+	int packet_size = 0;
 	struct ecryptfs_auth_tok *new_auth_tok;
 	unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE];
 	int tag_11_contents_size;
-- 
1.3.3

     prev parent reply	other threads:[~2006-06-27 16:15 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-06-26 23:47 [PATCH 03/06] ecryptfs: Validate packet length prior to parsing, add comments Stephan Müller
2006-06-27 16:15 ` Michael Halcrow [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a91b8b4 dfblob:791fb3b )
 OR (
bs:"Re: [PATCH 03/06] ecryptfs: Validate packet length prior to parsing, add comments" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060627161505.GC2795@us.ibm.com \
    --to=mhalcrow@us.ibm.com \
    --cc=akpm@osdl.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=smueller@chronox.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox