[04/11] ecryptfs: initialize private persistent file before dereferencing pointer

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: stable-review@kernel.org, torvalds@linux-foundation.org,
	akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
	Duckjin Kang <fromdj2k@gmail.com>, Erez Zadok <ezk@cs.sunysb.edu>,
	Dustin Kirkland <kirkland@canonical.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Subject: [04/11] ecryptfs: initialize private persistent file before dereferencing pointer
Date: Tue, 26 Jan 2010 11:14:40 -0800	[thread overview]
Message-ID: <20100126191624.282924254@mini.kroah.org> (raw)
In-Reply-To: <20100126191730.GA20872@kroah.com>

2.6.27-stable review patch.  If anyone has any objections, please let us know.

------------------

From: Erez Zadok <ezk@cs.sunysb.edu>

commit e27759d7a333d1f25d628c4f7caf845c51be51c2 upstream.

Ecryptfs_open dereferences a pointer to the private lower file (the one
stored in the ecryptfs inode), without checking if the pointer is NULL.
Right afterward, it initializes that pointer if it is NULL.  Swap order of
statements to first initialize.  Bug discovered by Duckjin Kang.

Signed-off-by: Duckjin Kang <fromdj2k@gmail.com>
Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Cc: Dustin Kirkland <kirkland@canonical.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 fs/ecryptfs/file.c |   14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -192,13 +192,6 @@ static int ecryptfs_open(struct inode *i
 				      | ECRYPTFS_ENCRYPTED);
 	}
 	mutex_unlock(&crypt_stat->cs_mutex);
-	if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_RDONLY)
-	    && !(file->f_flags & O_RDONLY)) {
-		rc = -EPERM;
-		printk(KERN_WARNING "%s: Lower persistent file is RO; eCryptfs "
-		       "file must hence be opened RO\n", __func__);
-		goto out;
-	}
 	if (!ecryptfs_inode_to_private(inode)->lower_file) {
 		rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
 		if (rc) {
@@ -209,6 +202,13 @@ static int ecryptfs_open(struct inode *i
 			goto out;
 		}
 	}
+	if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_RDONLY)
+	    && !(file->f_flags & O_RDONLY)) {
+		rc = -EPERM;
+		printk(KERN_WARNING "%s: Lower persistent file is RO; eCryptfs "
+		       "file must hence be opened RO\n", __func__);
+		goto out;
+	}
 	ecryptfs_set_file_lower(
 		file, ecryptfs_inode_to_private(inode)->lower_file);
 	if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {

next prev parent reply	other threads:[~2010-01-26 19:29 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-01-26 19:17 [00/11] 2.6.27.45 review Greg KH
2010-01-26 19:14 ` [01/11] edac: i5000_edac critical fix panic out of bounds Greg KH
2010-01-26 19:14 ` [02/11] [SCSI] megaraid_sas: remove sysfs poll_mode_io world writeable permissions Greg KH
2010-01-26 19:14 ` [03/11] reiserfs: truncate blocks not used by a write Greg KH
2010-01-26 19:14 ` Greg KH [this message]
2010-01-26 19:14 ` [05/11] ecryptfs: use after free Greg KH
2010-01-26 19:14 ` [06/11] tty: fix race in tty_fasync Greg KH
2010-01-26 19:49   ` Eric W. Biederman
2010-01-26 22:11     ` Linus Torvalds
2010-01-26 23:02       ` Eric W. Biederman
2010-01-26 23:04       ` Greg KH
2010-01-27  1:30         ` Linus Torvalds
2010-01-27  1:47           ` Greg KH
2010-01-26 19:14 ` [07/11] USB: add missing delay during remote wakeup Greg KH
2010-01-26 19:14 ` [08/11] USB: EHCI: fix handling of unusual interrupt intervals Greg KH
2010-01-26 19:14 ` [09/11] USB: EHCI & UHCI: fix race between root-hub suspend and port resume Greg KH
2010-01-26 19:14 ` [10/11] ipc ns: fix memory leak (idr) Greg KH
2010-01-26 19:14 ` [11/11] KVM: S390: fix potential array overrun in intercept handling Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100126191624.282924254@mini.kroah.org \
    --to=gregkh@suse.de \
    --cc=akpm@linux-foundation.org \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=ezk@cs.sunysb.edu \
    --cc=fromdj2k@gmail.com \
    --cc=kirkland@canonical.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable-review@kernel.org \
    --cc=stable@kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=tyhicks@linux.vnet.ibm.com \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox