android_kernel_samsung_msm8976/fs/ecryptfs
Tyler Hicks 6352a29305 eCryptfs: Check Tag 11 literal data buffer size
Tag 11 packets are stored in the metadata section of an eCryptfs file to
store the key signature(s) used to encrypt the file encryption key.
After extracting the packet length field to determine the key signature
length, a check is not performed to see if the length would exceed the
key signature buffer size that was passed into parse_tag_11_packet().

Thanks to Ramon de Carvalho Valle for finding this bug using fsfuzzer.

Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Cc: stable@kernel.org (2.6.27 and 30)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-07-28 14:26:06 -07:00
..
crypto.c eCryptfs: Fix data corruption when using ecryptfs_passthrough 2009-04-22 03:54:13 -05:00
debug.c
dentry.c constify dentry_operations: ecryptfs 2009-03-27 14:44:01 -04:00
ecryptfs_kernel.h eCryptfs: Remove ecryptfs_unlink_sigs warnings 2009-04-22 04:08:46 -05:00
file.c eCryptfs: Fix data types (int/size_t) 2009-01-06 15:59:22 -08:00
inode.c eCryptfs: Fix min function comparison warning 2009-04-27 13:31:12 -05:00
Kconfig fs/Kconfig: move ecryptfs out 2009-01-22 13:15:56 +03:00
keystore.c eCryptfs: Check Tag 11 literal data buffer size 2009-07-28 14:26:06 -07:00
kthread.c CRED: Pass credentials through dentry_open() 2008-11-14 10:39:22 +11:00
main.c Convert obvious places to deactivate_locked_super() 2009-05-09 10:49:40 -04:00
Makefile eCryptfs: remove netlink transport 2008-10-16 11:21:39 -07:00
messaging.c eCryptfs: NULL pointer dereference in ecryptfs_send_miscdev() 2009-04-22 03:54:13 -05:00
miscdev.c eCryptfs: NULL pointer dereference in ecryptfs_send_miscdev() 2009-04-22 03:54:13 -05:00
mmap.c eCryptfs: Fix data corruption when using ecryptfs_passthrough 2009-04-22 03:54:13 -05:00
read_write.c eCryptfs: Fix data corruption when using ecryptfs_passthrough 2009-04-22 03:54:13 -05:00
super.c push BKL down into ->put_super 2009-06-11 21:36:07 -04:00