diff options
author | Michael Halcrow <mhalcrow@us.ibm.com> | 2007-10-16 01:27:58 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-10-16 09:43:11 -0700 |
commit | 146a46063b282375015d4b2dad4a94f206bbea4e (patch) | |
tree | 6cda58777b94ab8c402e34df5cc24449776ad87f /fs/ecryptfs/keystore.c | |
parent | f648104a0d44d7c551f8025ad7e50c4815d3b6eb (diff) | |
download | kernel_samsung_smdk4412-146a46063b282375015d4b2dad4a94f206bbea4e.tar.gz kernel_samsung_smdk4412-146a46063b282375015d4b2dad4a94f206bbea4e.tar.bz2 kernel_samsung_smdk4412-146a46063b282375015d4b2dad4a94f206bbea4e.zip |
eCryptfs: fix Tag 11 writing code
Fix up the Tag 11 writing code to handle size limits and boundaries more
explicitly. It looks like the packet length was 1 shorter than it should have
been, chopping off the last byte of the key identifier. This is largely
inconsequential, since it is not much more likely that a key identifier
collision will occur with 7 bytes rather than 8. This patch fixes the packet
to use the full number of bytes that were originally intended to be used for
the key identifier.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ecryptfs/keystore.c')
-rw-r--r-- | fs/ecryptfs/keystore.c | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index aedff506899..190e2a01d8b 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -1449,47 +1449,52 @@ out: * Returns zero on success; non-zero on error. */ static int -write_tag_11_packet(char *dest, int max, char *contents, size_t contents_length, - size_t *packet_length) +write_tag_11_packet(char *dest, int *remaining_bytes, char *contents, + size_t contents_length, size_t *packet_length) { size_t packet_size_length; + size_t max_packet_size; int rc = 0; (*packet_length) = 0; - if ((13 + contents_length) > max) { + /* This format is inspired by OpenPGP; see RFC 2440 + * packet tag 11 */ + max_packet_size = (1 /* Tag 11 identifier */ + + 3 /* Max Tag 11 packet size */ + + 1 /* Binary format specifier */ + + 1 /* Filename length */ + + 8 /* Filename ("_CONSOLE") */ + + 4 /* Modification date */ + + contents_length); /* Literal data */ + if (max_packet_size > (*remaining_bytes)) { + printk(KERN_ERR "Packet length larger than maximum allowable; " + "need up to [%d] bytes, but there are only [%d] " + "available\n", max_packet_size, (*remaining_bytes)); rc = -EINVAL; - ecryptfs_printk(KERN_ERR, "Packet length larger than " - "maximum allowable\n"); goto out; } - /* General packet header */ - /* Packet tag */ dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE; - /* Packet length */ rc = write_packet_length(&dest[(*packet_length)], - (13 + contents_length), &packet_size_length); + (max_packet_size - 4), &packet_size_length); if (rc) { - ecryptfs_printk(KERN_ERR, "Error generating tag 11 packet " - "header; cannot generate packet length\n"); + printk(KERN_ERR "Error generating tag 11 packet header; cannot " + "generate packet length. rc = [%d]\n", rc); goto out; } (*packet_length) += packet_size_length; - /* Tag 11 specific */ - /* One-octet field that describes how the data is formatted */ - dest[(*packet_length)++] = 0x62; /* binary data */ - /* One-octet filename length followed by filename */ + dest[(*packet_length)++] = 0x62; /* binary data format specifier */ dest[(*packet_length)++] = 8; memcpy(&dest[(*packet_length)], "_CONSOLE", 8); (*packet_length) += 8; - /* Four-octet number indicating modification date */ memset(&dest[(*packet_length)], 0x00, 4); (*packet_length) += 4; - /* Remainder is literal data */ memcpy(&dest[(*packet_length)], contents, contents_length); (*packet_length) += contents_length; out: if (rc) (*packet_length) = 0; + else + (*remaining_bytes) -= (*packet_length); return rc; } |