summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Halcrow <mhalcrow@google.com>2014-11-26 09:09:16 -0800
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2015-01-08 09:58:17 -0800
commit66012982c8e3344b6fc94defba2909356c607a6d (patch)
tree5e8a0968da2204086c7568b77bd04e921c524978
parented775f3161684770d506e150073d9f271335d5d3 (diff)
downloadlwn-66012982c8e3344b6fc94defba2909356c607a6d.tar.gz
lwn-66012982c8e3344b6fc94defba2909356c607a6d.zip
eCryptfs: Remove buggy and unnecessary write in file name decode routine
commit 942080643bce061c3dd9d5718d3b745dcb39a8bc upstream. Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the end of the allocated buffer during encrypted filename decoding. This fix corrects the issue by getting rid of the unnecessary 0 write when the current bit offset is 2. Signed-off-by: Michael Halcrow <mhalcrow@google.com> Reported-by: Dmitry Chernenkov <dmitryc@google.com> Suggested-by: Kees Cook <keescook@chromium.org> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--fs/ecryptfs/crypto.c1
1 files changed, 0 insertions, 1 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index f71ec125290d..1da2446bf6b0 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -2102,7 +2102,6 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
break;
case 2:
dst[dst_byte_offset++] |= (src_byte);
- dst[dst_byte_offset] = 0;
current_bit_offset = 0;
break;
}