Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 13218179 authored by Michael Halcrow's avatar Michael Halcrow Committed by Linus Torvalds
Browse files

eCryptfs: fix Tag 1 parsing code 



Fix up the Tag 1 parsing code to handle size limits and boundaries more
explicitly.  Initialize the new auth_tok's flags.

Signed-off-by: default avatarMichael Halcrow <mhalcrow@us.ibm.com>
Cc: Josef Sipek <jsipek@fsl.cs.sunysb.edu>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 956159c3

fs/ecryptfs/keystore.c

+33 −45
Original line number Diff line number Diff line
@@ -512,20 +512,26 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat, 


	(*packet_size) = 0;

	(*new_auth_tok) = NULL;



	/* we check that:

	 *   one byte for the Tag 1 ID flag

	 *   two bytes for the body size

	 * do not exceed the maximum_packet_size

	/**

	 * This format is inspired by OpenPGP; see RFC 2440

	 * packet tag 1

	 *

	 * Tag 1 identifier (1 byte)

	 * Max Tag 1 packet size (max 3 bytes)

	 * Version (1 byte)

	 * Key identifier (8 bytes; ECRYPTFS_SIG_SIZE)

	 * Cipher identifier (1 byte)

	 * Encrypted key size (arbitrary)

	 *

	 * 12 bytes minimum packet size

	 */

	if (unlikely((*packet_size) + 3 > max_packet_size)) {

		ecryptfs_printk(KERN_ERR, "Packet size exceeds max\n");

	if (unlikely(max_packet_size < 12)) {

		printk(KERN_ERR "Invalid max packet size; must be >=12\n");

		rc = -EINVAL;

		goto out;

	}

	/* check for Tag 1 identifier - one byte */

	if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) {

		ecryptfs_printk(KERN_ERR, "Enter w/ first byte != 0x%.2x\n",

		printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",

		       ECRYPTFS_TAG_1_PACKET_TYPE);

		rc = -EINVAL;

		goto out;
@@ -533,51 +539,37 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat, 
	/* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or

	 * at end of function upon failure */

	auth_tok_list_item =

		kmem_cache_alloc(ecryptfs_auth_tok_list_item_cache,

		kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache,

				  GFP_KERNEL);

	if (!auth_tok_list_item) {

		ecryptfs_printk(KERN_ERR, "Unable to allocate memory\n");

		printk(KERN_ERR "Unable to allocate memory\n");

		rc = -ENOMEM;

		goto out;

	}

	memset(auth_tok_list_item, 0,

	       sizeof(struct ecryptfs_auth_tok_list_item));

	(*new_auth_tok) = &auth_tok_list_item->auth_tok;

	/* check for body size - one to two bytes

	 *

	 *              ***** TAG 1 Packet Format *****

	 *    | version number                     | 1 byte       |

	 *    | key ID                             | 8 bytes      |

	 *    | public key algorithm               | 1 byte       |

	 *    | encrypted session key              | arbitrary    |

	 */

	rc = parse_packet_length(&data[(*packet_size)], &body_size,

				 &length_size);

	if (rc) {

		ecryptfs_printk(KERN_WARNING, "Error parsing packet length; "

	if ((rc = parse_packet_length(&data[(*packet_size)], &body_size,

				      &length_size))) {

		printk(KERN_WARNING "Error parsing packet length; "

		       "rc = [%d]\n", rc);

		goto out_free;

	}

	if (unlikely(body_size < (0x02 + ECRYPTFS_SIG_SIZE))) {

		ecryptfs_printk(KERN_WARNING, "Invalid body size ([%d])\n",

				body_size);

	if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) {

		printk(KERN_WARNING "Invalid body size ([%d])\n", body_size);

		rc = -EINVAL;

		goto out_free;

	}

	(*packet_size) += length_size;

	if (unlikely((*packet_size) + body_size > max_packet_size)) {

		ecryptfs_printk(KERN_ERR, "Packet size exceeds max\n");

		printk(KERN_WARNING "Packet size exceeds max\n");

		rc = -EINVAL;

		goto out_free;

	}

	/* Version 3 (from RFC2440) - one byte */

	if (unlikely(data[(*packet_size)++] != 0x03)) {

		ecryptfs_printk(KERN_DEBUG, "Unknown version number "

				"[%d]\n", data[(*packet_size) - 1]);

		printk(KERN_WARNING "Unknown version number [%d]\n",

		       data[(*packet_size) - 1]);

		rc = -EINVAL;

		goto out_free;

	}

	/* Read Signature */

	ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature,

			&data[(*packet_size)], ECRYPTFS_SIG_SIZE);

	*packet_size += ECRYPTFS_SIG_SIZE;
@@ -585,27 +577,23 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat, 
	 * know which public key encryption algorithm was used */

	(*packet_size)++;

	(*new_auth_tok)->session_key.encrypted_key_size =

		body_size - (0x02 + ECRYPTFS_SIG_SIZE);

		body_size - (ECRYPTFS_SIG_SIZE + 2);

	if ((*new_auth_tok)->session_key.encrypted_key_size

	    > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {

		ecryptfs_printk(KERN_ERR, "Tag 1 packet contains key larger "

		printk(KERN_WARNING "Tag 1 packet contains key larger "

		       "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES");

		rc = -EINVAL;

		goto out;

	}

	ecryptfs_printk(KERN_DEBUG, "Encrypted key size = [%d]\n",

			(*new_auth_tok)->session_key.encrypted_key_size);

	memcpy((*new_auth_tok)->session_key.encrypted_key,

	       &data[(*packet_size)], (body_size - 0x02 - ECRYPTFS_SIG_SIZE));

	       &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));

	(*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size;

	(*new_auth_tok)->session_key.flags &=

		~ECRYPTFS_CONTAINS_DECRYPTED_KEY;

	(*new_auth_tok)->session_key.flags |=

		ECRYPTFS_CONTAINS_ENCRYPTED_KEY;

	(*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;

	(*new_auth_tok)->flags |= ECRYPTFS_PRIVATE_KEY;

	/* TODO: Why are we setting this flag here? Don't we want the

	 * userspace to decrypt the session key? */

	(*new_auth_tok)->flags = 0;

	(*new_auth_tok)->session_key.flags &=

		~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);

	(*new_auth_tok)->session_key.flags &=