FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

LinkBack Thread Tools
Old 03-05-2012, 11:21 AM
Colin King
Default eCryptfs: Sanitize write counts of /dev/ecryptfs

From: Colin Ian King <colin.king@canonical.com>

BugLink: http://bugs.launchpad.net/bugs/947075

SRU justification:


A malicious count value specified when writing to /dev/ecryptfs may
result in a very large kernel memory allocation.


Upstream commit db10e556518eb9d21ee92ff944530d84349684f4

Test case:

By crafting a ECRYPTFS_MSG_RESPONSE packet and passing a large
write size we can cause a large kernel memory allocation. With
the fix EINVAL is returned. See the example code below:

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

int main(void)
unsigned char buf[] = { 103, 0, 0, 0, 0, 220 };
ssize_t written;
int miscdev;

miscdev = open("/dev/ecryptfs", O_WRONLY);
if (miscdev < 0)
return 1;

written = write(miscdev, buf, 1073741824);


/* The write should fail */
return written < 0 ? 0 : 2;

Note: This patch has already been picked up in Lucid as part of
the stable updates process, but got overlooked for Natty.

Tyler Hicks (1):
eCryptfs: Extend array bounds for all filename chars

fs/ecryptfs/crypto.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)


kernel-team mailing list

Thread Tools

All times are GMT. The time now is 09:13 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org