1
linux/fs/ecryptfs
Tyler Hicks db10e55651 eCryptfs: Sanitize write counts of /dev/ecryptfs
A malicious count value specified when writing to /dev/ecryptfs may
result in a a very large kernel memory allocation.

This patch peeks at the specified packet payload size, adds that to the
size of the packet headers and compares the result with the write count
value. The resulting maximum memory allocation size is approximately 532
bytes.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Sasha Levin <levinsasha928@gmail.com>
Cc: <stable@vger.kernel.org>
2012-01-25 14:43:39 -06:00
..
crypto.c ecryptfs: Remove unnecessary variable initialization 2012-01-25 14:43:38 -06:00
debug.c
dentry.c eCryptfs: Handle NULL nameidata pointers 2011-02-21 14:45:57 -06:00
ecryptfs_kernel.h eCryptfs: Prevent file create race condition 2011-11-23 15:39:38 -06:00
file.c eCryptfs: Flush file in vma close 2011-11-23 15:40:09 -06:00
inode.c fs: propagate umode_t, misc bits 2012-01-03 22:55:10 -05:00
Kconfig eCryptfs: fix compile error 2011-08-09 13:42:46 -05:00
keystore.c eCryptfs: Fix payload_len unitialized variable warning 2011-08-09 13:42:46 -05:00
kthread.c eCryptfs: Add reference counting to lower files 2011-04-25 18:32:37 -05:00
main.c Ecryptfs: Add mount option to check uid of device being mounted = expect uid 2011-08-09 23:29:01 -05:00
Makefile
messaging.c ecryptfs: properly mark init functions 2010-08-27 10:50:52 -05:00
miscdev.c eCryptfs: Sanitize write counts of /dev/ecryptfs 2012-01-25 14:43:39 -06:00
mmap.c eCryptfs: Unlock page in write_begin error path 2011-03-28 01:47:46 -05:00
read_write.c eCryptfs: Return error when lower file pointer is NULL 2011-08-09 13:42:45 -05:00
super.c vfs: switch ->show_options() to struct dentry * 2012-01-06 23:19:54 -05:00