diff options
| author | Tyler Hicks <tyhicks@canonical.com> | 2011-11-05 13:45:08 -0400 |
|---|---|---|
| committer | Tyler Hicks <tyhicks@canonical.com> | 2012-02-16 17:06:21 -0500 |
| commit | 4a26620df451ad46151ad21d711ed43e963c004e (patch) | |
| tree | bf035ea6a656b3e19fe93bf37991632cad96d971 /fs/ecryptfs/keystore.c | |
| parent | c38e23456278e967f094b08247ffc3711b1029b2 (diff) | |
eCryptfs: Improve statfs reporting
statfs() calls on eCryptfs files returned the wrong filesystem type and,
when using filename encryption, the wrong maximum filename length.
If mount-wide filename encryption is enabled, the cipher block size and
the lower filesystem's max filename length will determine the max
eCryptfs filename length. Pre-tested, known good lengths are used when
the lower filesystem's namelen is 255 and a cipher with 8 or 16 byte
block sizes is used. In other, less common cases, we fall back to a safe
rounded-down estimate when determining the eCryptfs namelen.
https://launchpad.net/bugs/885744
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'fs/ecryptfs/keystore.c')
| -rw-r--r-- | fs/ecryptfs/keystore.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 8e3b943e330f..2333203a120b 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
| @@ -679,10 +679,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, | |||
| 679 | * Octets N3-N4: Block-aligned encrypted filename | 679 | * Octets N3-N4: Block-aligned encrypted filename |
| 680 | * - Consists of a minimum number of random characters, a \0 | 680 | * - Consists of a minimum number of random characters, a \0 |
| 681 | * separator, and then the filename */ | 681 | * separator, and then the filename */ |
| 682 | s->max_packet_size = (1 /* Tag 70 identifier */ | 682 | s->max_packet_size = (ECRYPTFS_TAG_70_MAX_METADATA_SIZE |
| 683 | + 3 /* Max Tag 70 packet size */ | ||
| 684 | + ECRYPTFS_SIG_SIZE /* FNEK sig */ | ||
| 685 | + 1 /* Cipher identifier */ | ||
| 686 | + s->block_aligned_filename_size); | 683 | + s->block_aligned_filename_size); |
| 687 | if (dest == NULL) { | 684 | if (dest == NULL) { |
| 688 | (*packet_size) = s->max_packet_size; | 685 | (*packet_size) = s->max_packet_size; |
| @@ -934,10 +931,10 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, | |||
| 934 | goto out; | 931 | goto out; |
| 935 | } | 932 | } |
| 936 | s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; | 933 | s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; |
| 937 | if (max_packet_size < (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1)) { | 934 | if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) { |
| 938 | printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be " | 935 | printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be " |
| 939 | "at least [%d]\n", __func__, max_packet_size, | 936 | "at least [%d]\n", __func__, max_packet_size, |
| 940 | (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1)); | 937 | ECRYPTFS_TAG_70_MIN_METADATA_SIZE); |
| 941 | rc = -EINVAL; | 938 | rc = -EINVAL; |
| 942 | goto out; | 939 | goto out; |
| 943 | } | 940 | } |