Commit 146a4606 authored by Michael Halcrow's avatar Michael Halcrow Committed by Linus Torvalds

eCryptfs: fix Tag 11 writing code

Fix up the Tag 11 writing code to handle size limits and boundaries more
explicitly.  It looks like the packet length was 1 shorter than it should have
been, chopping off the last byte of the key identifier.  This is largely
inconsequential, since it is not much more likely that a key identifier
collision will occur with 7 bytes rather than 8.  This patch fixes the packet
to use the full number of bytes that were originally intended to be used for
the key identifier.
Signed-off-by: default avatarMichael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent f648104a
...@@ -1449,47 +1449,52 @@ write_tag_1_packet(char *dest, size_t *remaining_bytes, ...@@ -1449,47 +1449,52 @@ write_tag_1_packet(char *dest, size_t *remaining_bytes,
* Returns zero on success; non-zero on error. * Returns zero on success; non-zero on error.
*/ */
static int static int
write_tag_11_packet(char *dest, int max, char *contents, size_t contents_length, write_tag_11_packet(char *dest, int *remaining_bytes, char *contents,
size_t *packet_length) size_t contents_length, size_t *packet_length)
{ {
size_t packet_size_length; size_t packet_size_length;
size_t max_packet_size;
int rc = 0; int rc = 0;
(*packet_length) = 0; (*packet_length) = 0;
if ((13 + contents_length) > max) { /* This format is inspired by OpenPGP; see RFC 2440
* packet tag 11 */
max_packet_size = (1 /* Tag 11 identifier */
+ 3 /* Max Tag 11 packet size */
+ 1 /* Binary format specifier */
+ 1 /* Filename length */
+ 8 /* Filename ("_CONSOLE") */
+ 4 /* Modification date */
+ contents_length); /* Literal data */
if (max_packet_size > (*remaining_bytes)) {
printk(KERN_ERR "Packet length larger than maximum allowable; "
"need up to [%d] bytes, but there are only [%d] "
"available\n", max_packet_size, (*remaining_bytes));
rc = -EINVAL; rc = -EINVAL;
ecryptfs_printk(KERN_ERR, "Packet length larger than "
"maximum allowable\n");
goto out; goto out;
} }
/* General packet header */
/* Packet tag */
dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE; dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE;
/* Packet length */
rc = write_packet_length(&dest[(*packet_length)], rc = write_packet_length(&dest[(*packet_length)],
(13 + contents_length), &packet_size_length); (max_packet_size - 4), &packet_size_length);
if (rc) { if (rc) {
ecryptfs_printk(KERN_ERR, "Error generating tag 11 packet " printk(KERN_ERR "Error generating tag 11 packet header; cannot "
"header; cannot generate packet length\n"); "generate packet length. rc = [%d]\n", rc);
goto out; goto out;
} }
(*packet_length) += packet_size_length; (*packet_length) += packet_size_length;
/* Tag 11 specific */ dest[(*packet_length)++] = 0x62; /* binary data format specifier */
/* One-octet field that describes how the data is formatted */
dest[(*packet_length)++] = 0x62; /* binary data */
/* One-octet filename length followed by filename */
dest[(*packet_length)++] = 8; dest[(*packet_length)++] = 8;
memcpy(&dest[(*packet_length)], "_CONSOLE", 8); memcpy(&dest[(*packet_length)], "_CONSOLE", 8);
(*packet_length) += 8; (*packet_length) += 8;
/* Four-octet number indicating modification date */
memset(&dest[(*packet_length)], 0x00, 4); memset(&dest[(*packet_length)], 0x00, 4);
(*packet_length) += 4; (*packet_length) += 4;
/* Remainder is literal data */
memcpy(&dest[(*packet_length)], contents, contents_length); memcpy(&dest[(*packet_length)], contents, contents_length);
(*packet_length) += contents_length; (*packet_length) += contents_length;
out: out:
if (rc) if (rc)
(*packet_length) = 0; (*packet_length) = 0;
else
(*remaining_bytes) -= (*packet_length);
return rc; return rc;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment