| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Jun 2023 17:11:55 +0800
From: Yiyuan Guo <yguoaz@...il.com>
To: code@...icks.com
Cc: viro@...iv.linux.org.uk, brauner@...nel.org,
ecryptfs@...r.kernel.org, linux-kernel@...r.kernel.org,
yguoaz@...il.com
Subject: [PATCH] ecryptfs: keystore: Fix a buffer overrun in write_tag_66_packet()
The encrypted key of a TAG 66 Packet includes 1 byte cipher code and 2
byte checksum, but the allocation size `data_len` ignores the extra 3
bytes. Fix the allocation size to avoid buffer overrun.
Signed-off-by: Yiyuan Guo <yguoaz@...il.com>
---
fs/ecryptfs/keystore.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 2452d6fd7062..5cab0b800a03 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -302,7 +302,7 @@ write_tag_66_packet(char *signature, u8 cipher_code,
* | File Encryption Key Size | 1 or 2 bytes |
* | File Encryption Key | arbitrary |
*/
- data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
+ data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size + 3);
*packet = kmalloc(data_len, GFP_KERNEL);
message = *packet;
if (!message) {
--
2.25.1
Powered by blists - more mailing lists