eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size
The parse_tag_3_packet function does not check if the tag 3 packet contains a encrypted key size larger than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES. Signed-off-by: Ramon de Carvalho Valle <ramon@risesecurity.org> [tyhicks@linux.vnet.ibm.com: Added printk newline and changed goto to out_free] Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Cc: stable@kernel.org (2.6.27 and 30) Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
6352a29305
commit
f151cd2c54
@ -1303,6 +1303,13 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
|
||||
}
|
||||
(*new_auth_tok)->session_key.encrypted_key_size =
|
||||
(body_size - (ECRYPTFS_SALT_SIZE + 5));
|
||||
if ((*new_auth_tok)->session_key.encrypted_key_size
|
||||
> ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
|
||||
printk(KERN_WARNING "Tag 3 packet contains key larger "
|
||||
"than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
|
||||
rc = -EINVAL;
|
||||
goto out_free;
|
||||
}
|
||||
if (unlikely(data[(*packet_size)++] != 0x04)) {
|
||||
printk(KERN_WARNING "Unknown version number [%d]\n",
|
||||
data[(*packet_size) - 1]);
|
||||
|
Loading…
Reference in New Issue
Block a user