linux-toradex.git/fs/ecryptfs/keystore.c, branch v4.0.6 Linux kernel for Apalis and Colibri modules eCryptfs: ensure copy to crypt_stat->cipher does not overrun 2015-02-25T01:23:28+00:00 Colin Ian King colin.king@canonical.com 2015-02-23T11:34:10+00:00 2a559a8bdeae853b6a8abb477c88875e1d4de591 The patch 237fead61998: "[PATCH] ecryptfs: fs/Makefile and fs/Kconfig" from Oct 4, 2006, leads to the following static checker warning: fs/ecryptfs/crypto.c:846 ecryptfs_new_file_context() error: off-by-one overflow 'crypt_stat->cipher' size 32. rl = '0-32' There is a mismatch between the size of ecryptfs_crypt_stat.cipher and ecryptfs_mount_crypt_stat.global_default_cipher_name causing the copy of the cipher name to cause a off-by-one string copy error. This fix ensures the space reserved for this string is the same size including the trailing zero at the end throughout ecryptfs. This fix avoids increasing the size of ecryptfs_crypt_stat.cipher and also ecryptfs_parse_tag_70_packet_silly_stack.cipher_string and instead reduces the of ECRYPTFS_MAX_CIPHER_NAME_SIZE to 31 and includes the + 1 for the end of string terminator. NOTE: An overflow is not possible in practice since the value copied into global_default_cipher_name is validated by ecryptfs_code_for_cipher_string() at mount time. None of the allowed cipher strings are long enough to cause the potential buffer overflow fixed by this patch. Signed-off-by: Colin Ian King <colin.king@canonical.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> [tyhicks: Added the NOTE about the overflow not being triggerable] Signed-off-by: Tyler Hicks <tyhicks@canonical.com> 
The patch 237fead61998: "[PATCH] ecryptfs: fs/Makefile and
fs/Kconfig" from Oct 4, 2006, leads to the following static checker
warning:

  fs/ecryptfs/crypto.c:846 ecryptfs_new_file_context()
  error: off-by-one overflow 'crypt_stat->cipher' size 32.  rl = '0-32'

There is a mismatch between the size of ecryptfs_crypt_stat.cipher
and ecryptfs_mount_crypt_stat.global_default_cipher_name causing the
copy of the cipher name to cause a off-by-one string copy error. This
fix ensures the space reserved for this string is the same size including
the trailing zero at the end throughout ecryptfs.

This fix avoids increasing the size of ecryptfs_crypt_stat.cipher
and also ecryptfs_parse_tag_70_packet_silly_stack.cipher_string and instead
reduces the of ECRYPTFS_MAX_CIPHER_NAME_SIZE to 31 and includes the + 1 for
the end of string terminator.

NOTE: An overflow is not possible in practice since the value copied
into global_default_cipher_name is validated by
ecryptfs_code_for_cipher_string() at mount time. None of the allowed
cipher strings are long enough to cause the potential buffer overflow
fixed by this patch.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
[tyhicks: Added the NOTE about the overflow not being triggerable]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
eCryptfs: Remove unnecessary casts when parsing packet lengths 2014-10-29T23:32:59+00:00 Tyler Hicks tyhicks@canonical.com 2014-10-23T14:16:06+00:00 831115af5ca36d713355bf1b379081691eca8b3f The elements in the data array are already unsigned chars and do not need to be casted. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> 
The elements in the data array are already unsigned chars and do not
need to be casted.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
ecryptfs: remove unnecessary break after goto 2014-07-14T19:29:11+00:00 Fabian Frederick fabf@skynet.be 2014-07-08T16:30:07+00:00 04ec5f5c0022ee941615e304bc75853fe1bc94ba Signed-off-by: Fabian Frederick <fabf@skynet.be> Cc: ecryptfs@vger.kernel.org Signed-off-by: Tyler Hicks <tyhicks@canonical.com> 
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Cc: ecryptfs@vger.kernel.org
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
ecryptfs: Remove unnecessary include of syscall.h in keystore.c 2014-07-03T21:38:23+00:00 Steven Rostedt rostedt@goodmis.org 2014-06-19T01:15:59+00:00 27199b15e4f027e24969f6644ce4ff414c7e6cba There's no reason to include syscalls.h in keystore.c. Remove it. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> 
There's no reason to include syscalls.h in keystore.c. Remove it.

Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
ecryptfs: Fix memory leakage in keystore.c 2013-10-16T22:18:01+00:00 Geyslan G. Bem geyslan@gmail.com 2013-10-11T19:49:16+00:00 3edc8376c06133e3386265a824869cad03a4efd4 In 'decrypt_pki_encrypted_session_key' function: Initializes 'payload' pointer and releases it on exit. Signed-off-by: Geyslan G. Bem <geyslan@gmail.com> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Cc: stable@vger.kernel.org # v2.6.28+ 
In 'decrypt_pki_encrypted_session_key' function:

Initializes 'payload' pointer and releases it on exit.

Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Cc: stable@vger.kernel.org # v2.6.28+
eCryptfs: allow userspace messaging to be disabled 2013-03-04T07:59:59+00:00 Kees Cook keescook@chromium.org 2013-02-28T08:39:37+00:00 290502bee239062499297916bb7d21d205e99d62 When the userspace messaging (for the less common case of userspace key wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with it removed. This saves on kernel code size and reduces potential attack surface by removing the /dev/ecryptfs node. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> 
When the userspace messaging (for the less common case of userspace key
wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with
it removed. This saves on kernel code size and reduces potential attack
surface by removing the /dev/ecryptfs node.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
eCryptfs: decrypt_pki_encrypted_session_key(): remove kfree() redundant null check 2013-02-12T18:06:01+00:00 Tim Gardner tim.gardner@canonical.com 2013-02-12T17:56:54+00:00 3a46741804a4226cd837d1246eed95d4161f7159 smatch analysis: fs/ecryptfs/keystore.c:1206 decrypt_pki_encrypted_session_key() info: redundant null check on msg calling kfree() Cc: Dustin Kirkland <dustin.kirkland@gazzang.com> Cc: ecryptfs@vger.kernel.org Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> 
smatch analysis:

fs/ecryptfs/keystore.c:1206 decrypt_pki_encrypted_session_key() info:
 redundant null check on msg calling kfree()

Cc: Dustin Kirkland <dustin.kirkland@gazzang.com>
Cc: ecryptfs@vger.kernel.org
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
eCryptfs: initialize payload_len in keystore.c 2013-01-17T19:31:25+00:00 Simon Que sque@chromium.org 2013-01-17T19:18:20+00:00 fa5199648e273a5e3e80aca41c1eb53700438dc1 This is meant to remove a compiler warning. It should not make any functional change. payload_len should be initialized when it is passed to write_tag_64_packet() as a pointer. If that call fails, this function should return early, and payload_len won't be used. Signed-off-by: Simon Que <sque@chromium.org> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> 
This is meant to remove a compiler warning.  It should not make any
functional change.

payload_len should be initialized when it is passed to
write_tag_64_packet() as a pointer.  If that call fails, this function
should return early, and payload_len won't be used.

Signed-off-by: Simon Que <sque@chromium.org>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
eCryptfs: Improve statfs reporting 2012-02-16T22:06:21+00:00 Tyler Hicks tyhicks@canonical.com 2011-11-05T17:45:08+00:00 4a26620df451ad46151ad21d711ed43e963c004e statfs() calls on eCryptfs files returned the wrong filesystem type and, when using filename encryption, the wrong maximum filename length. If mount-wide filename encryption is enabled, the cipher block size and the lower filesystem's max filename length will determine the max eCryptfs filename length. Pre-tested, known good lengths are used when the lower filesystem's namelen is 255 and a cipher with 8 or 16 byte block sizes is used. In other, less common cases, we fall back to a safe rounded-down estimate when determining the eCryptfs namelen. https://launchpad.net/bugs/885744 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reported-by: Kees Cook <keescook@chromium.org> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> 
statfs() calls on eCryptfs files returned the wrong filesystem type and,
when using filename encryption, the wrong maximum filename length.

If mount-wide filename encryption is enabled, the cipher block size and
the lower filesystem's max filename length will determine the max
eCryptfs filename length. Pre-tested, known good lengths are used when
the lower filesystem's namelen is 255 and a cipher with 8 or 16 byte
block sizes is used. In other, less common cases, we fall back to a safe
rounded-down estimate when determining the eCryptfs namelen.

https://launchpad.net/bugs/885744

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
eCryptfs: Replace miscdev read/write magic numbers 2012-01-25T20:43:40+00:00 Tyler Hicks tyhicks@canonical.com 2012-01-14T15:46:46+00:00 48399c0b0e6172888a2e2e36df1595ab1e049ba8 ecryptfs_miscdev_read() and ecryptfs_miscdev_write() contained many magic numbers for specifying packet header field sizes and offsets. This patch defines those values and replaces the magic values. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> 
ecryptfs_miscdev_read() and ecryptfs_miscdev_write() contained many
magic numbers for specifying packet header field sizes and offsets. This
patch defines those values and replaces the magic values.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>