<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/fs/ecryptfs/keystore.c, branch linux-3.18.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>ecryptfs: fix dereference of NULL user_key_payload</title>
<updated>2017-11-02T08:36:48+00:00</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@google.com</email>
</author>
<published>2017-10-09T19:51:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5560a1cac11138fe3df5643c7819fd3c0d3755eb'/>
<id>5560a1cac11138fe3df5643c7819fd3c0d3755eb</id>
<content type='text'>
commit f66665c09ab489a11ca490d6a82df57cfc1bea3e upstream.

In eCryptfs, we failed to verify that the authentication token keys are
not revoked before dereferencing their payloads, which is problematic
because the payload of a revoked key is NULL.  request_key() *does* skip
revoked keys, but there is still a window where the key can be revoked
before we acquire the key semaphore.

Fix it by updating ecryptfs_get_key_payload_data() to return
-EKEYREVOKED if the key payload is NULL.  For completeness we check this
for "encrypted" keys as well as "user" keys, although encrypted keys
cannot be revoked currently.

Alternatively we could use key_validate(), but since we'll also need to
fix ecryptfs_get_key_payload_data() to validate the payload length, it
seems appropriate to just check the payload pointer.

Fixes: 237fead61998 ("[PATCH] ecryptfs: fs/Makefile and fs/Kconfig")
Reviewed-by: James Morris &lt;james.l.morris@oracle.com&gt;
Cc: Michael Halcrow &lt;mhalcrow@google.com&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;


</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit f66665c09ab489a11ca490d6a82df57cfc1bea3e upstream.

In eCryptfs, we failed to verify that the authentication token keys are
not revoked before dereferencing their payloads, which is problematic
because the payload of a revoked key is NULL.  request_key() *does* skip
revoked keys, but there is still a window where the key can be revoked
before we acquire the key semaphore.

Fix it by updating ecryptfs_get_key_payload_data() to return
-EKEYREVOKED if the key payload is NULL.  For completeness we check this
for "encrypted" keys as well as "user" keys, although encrypted keys
cannot be revoked currently.

Alternatively we could use key_validate(), but since we'll also need to
fix ecryptfs_get_key_payload_data() to validate the payload length, it
seems appropriate to just check the payload pointer.

Fixes: 237fead61998 ("[PATCH] ecryptfs: fs/Makefile and fs/Kconfig")
Reviewed-by: James Morris &lt;james.l.morris@oracle.com&gt;
Cc: Michael Halcrow &lt;mhalcrow@google.com&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;


</pre>
</div>
</content>
</entry>
<entry>
<title>ecryptfs: remove unnecessary break after goto</title>
<updated>2014-07-14T19:29:11+00:00</updated>
<author>
<name>Fabian Frederick</name>
<email>fabf@skynet.be</email>
</author>
<published>2014-07-08T16:30:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=04ec5f5c0022ee941615e304bc75853fe1bc94ba'/>
<id>04ec5f5c0022ee941615e304bc75853fe1bc94ba</id>
<content type='text'>
Signed-off-by: Fabian Frederick &lt;fabf@skynet.be&gt;
Cc: ecryptfs@vger.kernel.org
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Fabian Frederick &lt;fabf@skynet.be&gt;
Cc: ecryptfs@vger.kernel.org
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ecryptfs: Remove unnecessary include of syscall.h in keystore.c</title>
<updated>2014-07-03T21:38:23+00:00</updated>
<author>
<name>Steven Rostedt</name>
<email>rostedt@goodmis.org</email>
</author>
<published>2014-06-19T01:15:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=27199b15e4f027e24969f6644ce4ff414c7e6cba'/>
<id>27199b15e4f027e24969f6644ce4ff414c7e6cba</id>
<content type='text'>
There's no reason to include syscalls.h in keystore.c. Remove it.

Signed-off-by: Steven Rostedt &lt;rostedt@goodmis.org&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
There's no reason to include syscalls.h in keystore.c. Remove it.

Signed-off-by: Steven Rostedt &lt;rostedt@goodmis.org&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ecryptfs: Fix memory leakage in keystore.c</title>
<updated>2013-10-16T22:18:01+00:00</updated>
<author>
<name>Geyslan G. Bem</name>
<email>geyslan@gmail.com</email>
</author>
<published>2013-10-11T19:49:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3edc8376c06133e3386265a824869cad03a4efd4'/>
<id>3edc8376c06133e3386265a824869cad03a4efd4</id>
<content type='text'>
In 'decrypt_pki_encrypted_session_key' function:

Initializes 'payload' pointer and releases it on exit.

Signed-off-by: Geyslan G. Bem &lt;geyslan@gmail.com&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Cc: stable@vger.kernel.org # v2.6.28+
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In 'decrypt_pki_encrypted_session_key' function:

Initializes 'payload' pointer and releases it on exit.

Signed-off-by: Geyslan G. Bem &lt;geyslan@gmail.com&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Cc: stable@vger.kernel.org # v2.6.28+
</pre>
</div>
</content>
</entry>
<entry>
<title>eCryptfs: allow userspace messaging to be disabled</title>
<updated>2013-03-04T07:59:59+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2013-02-28T08:39:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=290502bee239062499297916bb7d21d205e99d62'/>
<id>290502bee239062499297916bb7d21d205e99d62</id>
<content type='text'>
When the userspace messaging (for the less common case of userspace key
wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with
it removed. This saves on kernel code size and reduces potential attack
surface by removing the /dev/ecryptfs node.

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When the userspace messaging (for the less common case of userspace key
wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with
it removed. This saves on kernel code size and reduces potential attack
surface by removing the /dev/ecryptfs node.

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>eCryptfs: decrypt_pki_encrypted_session_key(): remove kfree() redundant null check</title>
<updated>2013-02-12T18:06:01+00:00</updated>
<author>
<name>Tim Gardner</name>
<email>tim.gardner@canonical.com</email>
</author>
<published>2013-02-12T17:56:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3a46741804a4226cd837d1246eed95d4161f7159'/>
<id>3a46741804a4226cd837d1246eed95d4161f7159</id>
<content type='text'>
smatch analysis:

fs/ecryptfs/keystore.c:1206 decrypt_pki_encrypted_session_key() info:
 redundant null check on msg calling kfree()

Cc: Dustin Kirkland &lt;dustin.kirkland@gazzang.com&gt;
Cc: ecryptfs@vger.kernel.org
Signed-off-by: Tim Gardner &lt;tim.gardner@canonical.com&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
smatch analysis:

fs/ecryptfs/keystore.c:1206 decrypt_pki_encrypted_session_key() info:
 redundant null check on msg calling kfree()

Cc: Dustin Kirkland &lt;dustin.kirkland@gazzang.com&gt;
Cc: ecryptfs@vger.kernel.org
Signed-off-by: Tim Gardner &lt;tim.gardner@canonical.com&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>eCryptfs: initialize payload_len in keystore.c</title>
<updated>2013-01-17T19:31:25+00:00</updated>
<author>
<name>Simon Que</name>
<email>sque@chromium.org</email>
</author>
<published>2013-01-17T19:18:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=fa5199648e273a5e3e80aca41c1eb53700438dc1'/>
<id>fa5199648e273a5e3e80aca41c1eb53700438dc1</id>
<content type='text'>
This is meant to remove a compiler warning.  It should not make any
functional change.

payload_len should be initialized when it is passed to
write_tag_64_packet() as a pointer.  If that call fails, this function
should return early, and payload_len won't be used.

Signed-off-by: Simon Que &lt;sque@chromium.org&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This is meant to remove a compiler warning.  It should not make any
functional change.

payload_len should be initialized when it is passed to
write_tag_64_packet() as a pointer.  If that call fails, this function
should return early, and payload_len won't be used.

Signed-off-by: Simon Que &lt;sque@chromium.org&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>eCryptfs: Improve statfs reporting</title>
<updated>2012-02-16T22:06:21+00:00</updated>
<author>
<name>Tyler Hicks</name>
<email>tyhicks@canonical.com</email>
</author>
<published>2011-11-05T17:45:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4a26620df451ad46151ad21d711ed43e963c004e'/>
<id>4a26620df451ad46151ad21d711ed43e963c004e</id>
<content type='text'>
statfs() calls on eCryptfs files returned the wrong filesystem type and,
when using filename encryption, the wrong maximum filename length.

If mount-wide filename encryption is enabled, the cipher block size and
the lower filesystem's max filename length will determine the max
eCryptfs filename length. Pre-tested, known good lengths are used when
the lower filesystem's namelen is 255 and a cipher with 8 or 16 byte
block sizes is used. In other, less common cases, we fall back to a safe
rounded-down estimate when determining the eCryptfs namelen.

https://launchpad.net/bugs/885744

Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Reported-by: Kees Cook &lt;keescook@chromium.org&gt;
Reviewed-by: Kees Cook &lt;keescook@chromium.org&gt;
Reviewed-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
statfs() calls on eCryptfs files returned the wrong filesystem type and,
when using filename encryption, the wrong maximum filename length.

If mount-wide filename encryption is enabled, the cipher block size and
the lower filesystem's max filename length will determine the max
eCryptfs filename length. Pre-tested, known good lengths are used when
the lower filesystem's namelen is 255 and a cipher with 8 or 16 byte
block sizes is used. In other, less common cases, we fall back to a safe
rounded-down estimate when determining the eCryptfs namelen.

https://launchpad.net/bugs/885744

Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Reported-by: Kees Cook &lt;keescook@chromium.org&gt;
Reviewed-by: Kees Cook &lt;keescook@chromium.org&gt;
Reviewed-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>eCryptfs: Replace miscdev read/write magic numbers</title>
<updated>2012-01-25T20:43:40+00:00</updated>
<author>
<name>Tyler Hicks</name>
<email>tyhicks@canonical.com</email>
</author>
<published>2012-01-14T15:46:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=48399c0b0e6172888a2e2e36df1595ab1e049ba8'/>
<id>48399c0b0e6172888a2e2e36df1595ab1e049ba8</id>
<content type='text'>
ecryptfs_miscdev_read() and ecryptfs_miscdev_write() contained many
magic numbers for specifying packet header field sizes and offsets. This
patch defines those values and replaces the magic values.

Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
ecryptfs_miscdev_read() and ecryptfs_miscdev_write() contained many
magic numbers for specifying packet header field sizes and offsets. This
patch defines those values and replaces the magic values.

Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>eCryptfs: Fix payload_len unitialized variable warning</title>
<updated>2011-08-09T18:42:46+00:00</updated>
<author>
<name>Tyler Hicks</name>
<email>tyhicks@linux.vnet.ibm.com</email>
</author>
<published>2011-08-05T09:15:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=99b373ff2d1246f64b97a3d449a2fd6018d504e6'/>
<id>99b373ff2d1246f64b97a3d449a2fd6018d504e6</id>
<content type='text'>
fs/ecryptfs/keystore.c: In function ‘ecryptfs_generate_key_packet_set’:
fs/ecryptfs/keystore.c:1991:28: warning: ‘payload_len’ may be used uninitialized in this function [-Wuninitialized]
fs/ecryptfs/keystore.c:1976:9: note: ‘payload_len’ was declared here

Signed-off-by: Tyler Hicks &lt;tyhicks@linux.vnet.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
fs/ecryptfs/keystore.c: In function ‘ecryptfs_generate_key_packet_set’:
fs/ecryptfs/keystore.c:1991:28: warning: ‘payload_len’ may be used uninitialized in this function [-Wuninitialized]
fs/ecryptfs/keystore.c:1976:9: note: ‘payload_len’ was declared here

Signed-off-by: Tyler Hicks &lt;tyhicks@linux.vnet.ibm.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
