• Tyler Hicks's avatar
    eCryptfs: Larger buffer for encrypted symlink targets · 3a6b42ca
    Tyler Hicks authored
    When using filename encryption with eCryptfs, the value of the symlink
    in the lower filesystem is encrypted and stored as a Tag 70 packet.
    This results in a longer symlink target than if the target value wasn't
    encrypted.
    
    Users were reporting these messages in their syslog:
    
    [ 45.653441] ecryptfs_parse_tag_70_packet: max_packet_size is [56]; real
    packet size is [51]
    [ 45.653444] ecryptfs_decode_and_decrypt_filename: Could not parse tag
    70 packet from filename; copying through filename as-is
    
    This was due to bufsiz, one the arguments in readlink(), being used to
    when allocating the buffer passed to the lower inode's readlink().
    That symlink target may be very large, but when decoded and decrypted,
    could end up being smaller than bufsize.
    
    To fix this, the buffer passed to the lower inode's readlink() will
    always be PATH_MAX in size when filename encryption is enabled.  Any
    necessary truncation occurs after the decoding and decrypting.
    Signed-off-by: default avatarTyler Hicks <tyhicks@linux.vnet.ibm.com>
    3a6b42ca
inode.c 32.5 KB