Google Git
Sign in
kernel / pub / scm / linux / kernel / git / horms / ipvs-next / 4df9205138cd0c610b52eefe1ecdafdaf65cfb12
commit4df9205138cd0c610b52eefe1ecdafdaf65cfb12[log] [tgz]
authorTyler Hicks <tyhicks@linux.vnet.ibm.com>Tue Jul 28 13:57:01 2009 -0500
committerGreg Kroah-Hartman <gregkh@suse.de>Thu Jul 30 14:40:35 2009 -0700
tree9a2f2d543dbc4d697b71863fccb04f2fb80acbfc
parent57bee88245247744cd953ab3c410ba637ba6e0c3 [diff]
eCryptfs: Check Tag 11 literal data buffer size (CVE-2009-2406)

commit 6352a29305373ae6196491e6d4669f301e26492e upstream.

Tag 11 packets are stored in the metadata section of an eCryptfs file to
store the key signature(s) used to encrypt the file encryption key.
After extracting the packet length field to determine the key signature
length, a check is not performed to see if the length would exceed the
key signature buffer size that was passed into parse_tag_11_packet().

Thanks to Ramon de Carvalho Valle for finding this bug using fsfuzzer.

Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
1 file changed
tree: 9a2f2d543dbc4d697b71863fccb04f2fb80acbfc
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. usr/
  20. virt/
  21. .gitignore
  22. .mailmap
  23. COPYING
  24. CREDITS
  25. Kbuild
  26. MAINTAINERS
  27. Makefile
  28. README
  29. REPORTING-BUGS