linux/fs/ecryptfs
Tyler Hicks 0f751e641a eCryptfs: Extend array bounds for all filename chars
From mhalcrow's original commit message:

    Characters with ASCII values greater than the size of
    filename_rev_map[] are valid filename characters.
    ecryptfs_decode_from_filename() will access kernel memory beyond
    that array, and ecryptfs_parse_tag_70_packet() will then decrypt
    those characters. The attacker, using the FNEK of the crafted file,
    can then re-encrypt the characters to reveal the kernel memory past
    the end of the filename_rev_map[] array. I expect low security
    impact since this array is statically allocated in the text area,
    and the amount of memory past the array that is accessible is
    limited by the largest possible ASCII filename character.

This patch solves the issue reported by mhalcrow but with an
implementation suggested by Linus to simply extend the length of
filename_rev_map[] to 256. Characters greater than 0x7A are mapped to
0x00, which is how invalid characters less than 0x7A were previously
being handled.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Michael Halcrow <mhalcrow@google.com>
Cc: stable@kernel.org
2011-11-23 15:43:53 -06:00
..
crypto.c eCryptfs: Extend array bounds for all filename chars 2011-11-23 15:43:53 -06:00
debug.c
dentry.c eCryptfs: Handle NULL nameidata pointers 2011-02-21 14:45:57 -06:00
ecryptfs_kernel.h eCryptfs: Prevent file create race condition 2011-11-23 15:39:38 -06:00
file.c eCryptfs: Flush file in vma close 2011-11-23 15:40:09 -06:00
inode.c eCryptfs: Prevent file create race condition 2011-11-23 15:39:38 -06:00
Kconfig eCryptfs: fix compile error 2011-08-09 13:42:46 -05:00
keystore.c eCryptfs: Fix payload_len unitialized variable warning 2011-08-09 13:42:46 -05:00
kthread.c eCryptfs: Add reference counting to lower files 2011-04-25 18:32:37 -05:00
main.c Ecryptfs: Add mount option to check uid of device being mounted = expect uid 2011-08-09 23:29:01 -05:00
Makefile eCryptfs: remove netlink transport 2008-10-16 11:21:39 -07:00
messaging.c ecryptfs: properly mark init functions 2010-08-27 10:50:52 -05:00
miscdev.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
mmap.c eCryptfs: Unlock page in write_begin error path 2011-03-28 01:47:46 -05:00
read_write.c eCryptfs: Return error when lower file pointer is NULL 2011-08-09 13:42:45 -05:00
super.c eCryptfs: Consolidate inode functions into inode.c 2011-05-29 12:49:53 -05:00