Message ID | 1256244229-26433-1-git-send-email-surbhi.palande@canonical.com |
---|---|
State | Accepted |
Headers | show |
Surbhi Palande wrote: > SRU Justification: > Impact: Bug in the Ecryptfs disallowed saving the file under the ecryptfs > directory ~/Private using Emacs. > > Fix: The cherry picked patch with the upstream commit id > "b0105eaefa7cce8f4a941d0fc6354b250d30e745" fixed this bug. Previous to this > fix a cipher code was not recognized and as a result memory was not allocated > to some pointer. However this pointer was freed even when the allocation was > not done. This fix, prevents the freeing of memory when the cipher is not > recognised and memory is not allocated. > > Testcase: The reporter of the bug, has verified that this patch has fixed this > bug for him. > > === > > From d2504c185b312650445d95d2cfeac80309af237a Mon Sep 17 00:00:00 2001 > From: Tyler Hicks <tyhicks@linux.vnet.ibm.com> > Date: Tue, 11 Aug 2009 00:36:32 -0500 > Subject: [PATCH] [jaunty] [Upstream]: eCryptfs: Handle unrecognized tag 3 cipher codes > > BugLink: https://bugs.launchpad.net/bugs/415252 > > Returns an error when an unrecognized cipher code is present in a tag 3 > packet or an ecryptfs_crypt_stat cannot be initialized. Also sets an > crypt_stat->tfm error pointer to NULL to ensure that it will not be > incorrectly freed in ecryptfs_destroy_crypt_stat(). > > Acked-by: Serge Hallyn <serue@us.ibm.com> > Cc: ecryptfs-devel@lists.launchpad.net > Cc: stable <stable@kernel.org> > Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> > (cherry picked from commit b0105eaefa7cce8f4a941d0fc6354b250d30e745) > Signed-off-by: Surbhi Palande <surbhi.palande@canonical.com> > --- > fs/ecryptfs/crypto.c | 1 + > fs/ecryptfs/keystore.c | 10 +++++++--- > 2 files changed, 8 insertions(+), 3 deletions(-) > > diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c > index 8b65f28..bbf080b 100644 > --- a/fs/ecryptfs/crypto.c > +++ b/fs/ecryptfs/crypto.c > @@ -814,6 +814,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) > kfree(full_alg_name); > if (IS_ERR(crypt_stat->tfm)) { > rc = PTR_ERR(crypt_stat->tfm); > + crypt_stat->tfm = NULL; > ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " > "Error initializing cipher [%s]\n", > crypt_stat->cipher); > diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c > index 37bcb43..b41af15 100644 > --- a/fs/ecryptfs/keystore.c > +++ b/fs/ecryptfs/keystore.c > @@ -1317,8 +1317,10 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, > rc = -EINVAL; > goto out_free; > } > - ecryptfs_cipher_code_to_string(crypt_stat->cipher, > - (u16)data[(*packet_size)]); > + rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, > + (u16)data[(*packet_size)]); > + if (rc) > + goto out_free; > /* A little extra work to differentiate among the AES key > * sizes; see RFC2440 */ > switch(data[(*packet_size)++]) { > @@ -1329,7 +1331,9 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, > crypt_stat->key_size = > (*new_auth_tok)->session_key.encrypted_key_size; > } > - ecryptfs_init_crypt_ctx(crypt_stat); > + rc = ecryptfs_init_crypt_ctx(crypt_stat); > + if (rc) > + goto out_free; > if (unlikely(data[(*packet_size)++] != 0x03)) { > printk(KERN_WARNING "Only S2K ID 3 is currently supported\n"); > rc = -ENOSYS; ACK
Surbhi Palande wrote: > SRU Justification: > Impact: Bug in the Ecryptfs disallowed saving the file under the ecryptfs > directory ~/Private using Emacs. > > Fix: The cherry picked patch with the upstream commit id > "b0105eaefa7cce8f4a941d0fc6354b250d30e745" fixed this bug. Previous to this > fix a cipher code was not recognized and as a result memory was not allocated > to some pointer. However this pointer was freed even when the allocation was > not done. This fix, prevents the freeing of memory when the cipher is not > recognised and memory is not allocated. > > Testcase: The reporter of the bug, has verified that this patch has fixed this > bug for him. > > === > > From d2504c185b312650445d95d2cfeac80309af237a Mon Sep 17 00:00:00 2001 > From: Tyler Hicks <tyhicks@linux.vnet.ibm.com> > Date: Tue, 11 Aug 2009 00:36:32 -0500 > Subject: [PATCH] [jaunty] [Upstream]: eCryptfs: Handle unrecognized tag 3 cipher codes > > BugLink: https://bugs.launchpad.net/bugs/415252 > > Returns an error when an unrecognized cipher code is present in a tag 3 > packet or an ecryptfs_crypt_stat cannot be initialized. Also sets an > crypt_stat->tfm error pointer to NULL to ensure that it will not be > incorrectly freed in ecryptfs_destroy_crypt_stat(). > > Acked-by: Serge Hallyn <serue@us.ibm.com> > Cc: ecryptfs-devel@lists.launchpad.net > Cc: stable <stable@kernel.org> > Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> > (cherry picked from commit b0105eaefa7cce8f4a941d0fc6354b250d30e745) > Signed-off-by: Surbhi Palande <surbhi.palande@canonical.com> > --- > fs/ecryptfs/crypto.c | 1 + > fs/ecryptfs/keystore.c | 10 +++++++--- > 2 files changed, 8 insertions(+), 3 deletions(-) > > diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c > index 8b65f28..bbf080b 100644 > --- a/fs/ecryptfs/crypto.c > +++ b/fs/ecryptfs/crypto.c > @@ -814,6 +814,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) > kfree(full_alg_name); > if (IS_ERR(crypt_stat->tfm)) { > rc = PTR_ERR(crypt_stat->tfm); > + crypt_stat->tfm = NULL; > ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " > "Error initializing cipher [%s]\n", > crypt_stat->cipher); > diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c > index 37bcb43..b41af15 100644 > --- a/fs/ecryptfs/keystore.c > +++ b/fs/ecryptfs/keystore.c > @@ -1317,8 +1317,10 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, > rc = -EINVAL; > goto out_free; > } > - ecryptfs_cipher_code_to_string(crypt_stat->cipher, > - (u16)data[(*packet_size)]); > + rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, > + (u16)data[(*packet_size)]); > + if (rc) > + goto out_free; > /* A little extra work to differentiate among the AES key > * sizes; see RFC2440 */ > switch(data[(*packet_size)++]) { > @@ -1329,7 +1331,9 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, > crypt_stat->key_size = > (*new_auth_tok)->session_key.encrypted_key_size; > } > - ecryptfs_init_crypt_ctx(crypt_stat); > + rc = ecryptfs_init_crypt_ctx(crypt_stat); > + if (rc) > + goto out_free; > if (unlikely(data[(*packet_size)++] != 0x03)) { > printk(KERN_WARNING "Only S2K ID 3 is currently supported\n"); > rc = -ENOSYS; ACK
Surbhi Palande wrote: > SRU Justification: > Impact: Bug in the Ecryptfs disallowed saving the file under the ecryptfs > directory ~/Private using Emacs. > > Fix: The cherry picked patch with the upstream commit id > "b0105eaefa7cce8f4a941d0fc6354b250d30e745" fixed this bug. Previous to this > fix a cipher code was not recognized and as a result memory was not allocated > to some pointer. However this pointer was freed even when the allocation was > not done. This fix, prevents the freeing of memory when the cipher is not > recognised and memory is not allocated. > > Testcase: The reporter of the bug, has verified that this patch has fixed this > bug for him. > > === > > From d2504c185b312650445d95d2cfeac80309af237a Mon Sep 17 00:00:00 2001 > From: Tyler Hicks <tyhicks@linux.vnet.ibm.com> > Date: Tue, 11 Aug 2009 00:36:32 -0500 > Subject: [PATCH] [jaunty] [Upstream]: eCryptfs: Handle unrecognized tag 3 cipher codes > > BugLink: https://bugs.launchpad.net/bugs/415252 > > Returns an error when an unrecognized cipher code is present in a tag 3 > packet or an ecryptfs_crypt_stat cannot be initialized. Also sets an > crypt_stat->tfm error pointer to NULL to ensure that it will not be > incorrectly freed in ecryptfs_destroy_crypt_stat(). > > Acked-by: Serge Hallyn <serue@us.ibm.com> > Cc: ecryptfs-devel@lists.launchpad.net > Cc: stable <stable@kernel.org> > Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> > (cherry picked from commit b0105eaefa7cce8f4a941d0fc6354b250d30e745) > Signed-off-by: Surbhi Palande <surbhi.palande@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> > --- > fs/ecryptfs/crypto.c | 1 + > fs/ecryptfs/keystore.c | 10 +++++++--- > 2 files changed, 8 insertions(+), 3 deletions(-) > > diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c > index 8b65f28..bbf080b 100644 > --- a/fs/ecryptfs/crypto.c > +++ b/fs/ecryptfs/crypto.c > @@ -814,6 +814,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) > kfree(full_alg_name); > if (IS_ERR(crypt_stat->tfm)) { > rc = PTR_ERR(crypt_stat->tfm); > + crypt_stat->tfm = NULL; > ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " > "Error initializing cipher [%s]\n", > crypt_stat->cipher); > diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c > index 37bcb43..b41af15 100644 > --- a/fs/ecryptfs/keystore.c > +++ b/fs/ecryptfs/keystore.c > @@ -1317,8 +1317,10 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, > rc = -EINVAL; > goto out_free; > } > - ecryptfs_cipher_code_to_string(crypt_stat->cipher, > - (u16)data[(*packet_size)]); > + rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, > + (u16)data[(*packet_size)]); > + if (rc) > + goto out_free; > /* A little extra work to differentiate among the AES key > * sizes; see RFC2440 */ > switch(data[(*packet_size)++]) { > @@ -1329,7 +1331,9 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, > crypt_stat->key_size = > (*new_auth_tok)->session_key.encrypted_key_size; > } > - ecryptfs_init_crypt_ctx(crypt_stat); > + rc = ecryptfs_init_crypt_ctx(crypt_stat); > + if (rc) > + goto out_free; > if (unlikely(data[(*packet_size)++] != 0x03)) { > printk(KERN_WARNING "Only S2K ID 3 is currently supported\n"); > rc = -ENOSYS;
Applied
=== From d2504c185b312650445d95d2cfeac80309af237a Mon Sep 17 00:00:00 2001 From: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Date: Tue, 11 Aug 2009 00:36:32 -0500 Subject: [PATCH] [jaunty] [Upstream]: eCryptfs: Handle unrecognized tag 3 cipher codes BugLink: https://bugs.launchpad.net/bugs/415252 Returns an error when an unrecognized cipher code is present in a tag 3 packet or an ecryptfs_crypt_stat cannot be initialized. Also sets an crypt_stat->tfm error pointer to NULL to ensure that it will not be incorrectly freed in ecryptfs_destroy_crypt_stat(). Acked-by: Serge Hallyn <serue@us.ibm.com> Cc: ecryptfs-devel@lists.launchpad.net Cc: stable <stable@kernel.org> Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> (cherry picked from commit b0105eaefa7cce8f4a941d0fc6354b250d30e745) Signed-off-by: Surbhi Palande <surbhi.palande@canonical.com> --- fs/ecryptfs/crypto.c | 1 + fs/ecryptfs/keystore.c | 10 +++++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 8b65f28..bbf080b 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -814,6 +814,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) kfree(full_alg_name); if (IS_ERR(crypt_stat->tfm)) { rc = PTR_ERR(crypt_stat->tfm); + crypt_stat->tfm = NULL; ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " "Error initializing cipher [%s]\n", crypt_stat->cipher); diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 37bcb43..b41af15 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -1317,8 +1317,10 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, rc = -EINVAL; goto out_free; } - ecryptfs_cipher_code_to_string(crypt_stat->cipher, - (u16)data[(*packet_size)]); + rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, + (u16)data[(*packet_size)]); + if (rc) + goto out_free; /* A little extra work to differentiate among the AES key * sizes; see RFC2440 */ switch(data[(*packet_size)++]) { @@ -1329,7 +1331,9 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, crypt_stat->key_size = (*new_auth_tok)->session_key.encrypted_key_size; } - ecryptfs_init_crypt_ctx(crypt_stat); + rc = ecryptfs_init_crypt_ctx(crypt_stat); + if (rc) + goto out_free; if (unlikely(data[(*packet_size)++] != 0x03)) { printk(KERN_WARNING "Only S2K ID 3 is currently supported\n"); rc = -ENOSYS;