| From 942080643bce061c3dd9d5718d3b745dcb39a8bc Mon Sep 17 00:00:00 2001 |
| From: Michael Halcrow <mhalcrow@google.com> |
| Date: Wed, 26 Nov 2014 09:09:16 -0800 |
| Subject: eCryptfs: Remove buggy and unnecessary write in file name decode routine |
| |
| From: Michael Halcrow <mhalcrow@google.com> |
| |
| commit 942080643bce061c3dd9d5718d3b745dcb39a8bc upstream. |
| |
| Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the |
| end of the allocated buffer during encrypted filename decoding. This |
| fix corrects the issue by getting rid of the unnecessary 0 write when |
| the current bit offset is 2. |
| |
| Signed-off-by: Michael Halcrow <mhalcrow@google.com> |
| Reported-by: Dmitry Chernenkov <dmitryc@google.com> |
| Suggested-by: Kees Cook <keescook@chromium.org> |
| Signed-off-by: Tyler Hicks <tyhicks@canonical.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/ecryptfs/crypto.c | 1 - |
| 1 file changed, 1 deletion(-) |
| |
| --- a/fs/ecryptfs/crypto.c |
| +++ b/fs/ecryptfs/crypto.c |
| @@ -2102,7 +2102,6 @@ ecryptfs_decode_from_filename(unsigned c |
| break; |
| case 2: |
| dst[dst_byte_offset++] |= (src_byte); |
| - dst[dst_byte_offset] = 0; |
| current_bit_offset = 0; |
| break; |
| } |
