| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1472346808-3213-1-git-send-email-chao@kernel.org>
Date: Sun, 28 Aug 2016 09:13:28 +0800
From: Chao Yu <chao@...nel.org>
To: tytso@....edu, jaegeuk@...nel.org
Cc: linux-f2fs-devel@...ts.sourceforge.net, linux-ext4@...r.kernel.org,
linux-kernel@...r.kernel.org, Chao Yu <yuchao0@...wei.com>
Subject: [PATCH] fscrypto: fix to null-terminate encrypted filename in fname_encrypt
From: Chao Yu <yuchao0@...wei.com>
This patch fixes to add null character at the end of encrypted filename
in fname_encrypt, in order to avoid incorrectly traversing random data
located after target filename. The call stack is as below:
- f2fs_add_link
- __f2fs_add_link
- fscrypt_setup_filename
- fscrypt_fname_alloc_buffer allocate buffer for @fname
- fname_encrypt didn't set null character for @fname
- f2fs_add_regular_entry init qstr with @fname
- init_inode_metadata
- f2fs_init_security
- security_inode_init_security
- selinux_inode_init_security
- selinux_determine_inode_label
- security_transition_sid
- security_compute_sid
- filename_compute_type
- hashtab_search
- filenametr_hash traverse @fname as one which has null character
Signed-off-by: Chao Yu <yuchao0@...wei.com>
---
fs/crypto/fname.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
index 5d6d491..5c356c0 100644
--- a/fs/crypto/fname.c
+++ b/fs/crypto/fname.c
@@ -110,6 +110,7 @@ static int fname_encrypt(struct inode *inode,
"%s: Error (error code %d)\n", __func__, res);
oname->len = ciphertext_len;
+ oname->name[oname->len] = 0;
return res;
}
--
2.7.2
Powered by blists - more mailing lists