• Eric Sandeen's avatar
    ecryptfs: fix memory corruption when storing crypto info in xattrs · 87b811c3
    Eric Sandeen authored
    When ecryptfs allocates space to write crypto headers into, before copying
    it out to file headers or to xattrs, it looks at the value of
    crypt_stat->num_header_bytes_at_front to determine how much space it
    needs.  This is also used as the file offset to the actual encrypted data,
    so for xattr-stored crypto info, the value was zero.
    
    So, we kzalloc'd 0 bytes, and then ran off to write to that memory.
    (Which returned as ZERO_SIZE_PTR, so we explode quickly).
    
    The right answer is to always allocate a page to write into; the current
    code won't ever write more than that (this is enforced by the
    (PAGE_CACHE_SIZE - offset) length in the call to
    ecryptfs_generate_key_packet_set).  To be explicit about this, we now send
    in a "max" parameter, rather than magically using PAGE_CACHE_SIZE there.
    
    Also, since the pointer we pass down the callchain eventually gets the
    virt_to_page() treatment, we should be using a alloc_page variant, not
    kzalloc (see also 7fcba054)
    Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
    Acked-by: default avatarMichael Halcrow <mhalcrow@us.ibm.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    87b811c3
crypto.c 56.3 KB