diff options
author | Andre Osterhues <aosterhues@escrypt.com> | 2010-07-13 16:59:17 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-07-28 22:59:24 -0400 |
commit | a6f80fb7b5986fda663d94079d3bba0937a6b6ff (patch) | |
tree | b8a44b0ed1560ae3f00f1ff4e342f43b7422bcc3 /fs/ecryptfs/messaging.c | |
parent | 6c50e1a49b4377b760ee46f824ed04b17be913e3 (diff) |
ecryptfs: Bugfix for error related to ecryptfs_hash_buckets
The function ecryptfs_uid_hash wrongly assumes that the
second parameter to hash_long() is the number of hash
buckets instead of the number of hash bits.
This patch fixes that and renames the variable
ecryptfs_hash_buckets to ecryptfs_hash_bits to make it
clearer.
Fixes: CVE-2010-2492
Signed-off-by: Andre Osterhues <aosterhues@escrypt.com>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ecryptfs/messaging.c')
-rw-r--r-- | fs/ecryptfs/messaging.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c index 2d8dbce9d485..46c4dd8dfcc3 100644 --- a/fs/ecryptfs/messaging.c +++ b/fs/ecryptfs/messaging.c | |||
@@ -31,9 +31,9 @@ static struct mutex ecryptfs_msg_ctx_lists_mux; | |||
31 | 31 | ||
32 | static struct hlist_head *ecryptfs_daemon_hash; | 32 | static struct hlist_head *ecryptfs_daemon_hash; |
33 | struct mutex ecryptfs_daemon_hash_mux; | 33 | struct mutex ecryptfs_daemon_hash_mux; |
34 | static int ecryptfs_hash_buckets; | 34 | static int ecryptfs_hash_bits; |
35 | #define ecryptfs_uid_hash(uid) \ | 35 | #define ecryptfs_uid_hash(uid) \ |
36 | hash_long((unsigned long)uid, ecryptfs_hash_buckets) | 36 | hash_long((unsigned long)uid, ecryptfs_hash_bits) |
37 | 37 | ||
38 | static u32 ecryptfs_msg_counter; | 38 | static u32 ecryptfs_msg_counter; |
39 | static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; | 39 | static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; |
@@ -486,18 +486,19 @@ int ecryptfs_init_messaging(void) | |||
486 | } | 486 | } |
487 | mutex_init(&ecryptfs_daemon_hash_mux); | 487 | mutex_init(&ecryptfs_daemon_hash_mux); |
488 | mutex_lock(&ecryptfs_daemon_hash_mux); | 488 | mutex_lock(&ecryptfs_daemon_hash_mux); |
489 | ecryptfs_hash_buckets = 1; | 489 | ecryptfs_hash_bits = 1; |
490 | while (ecryptfs_number_of_users >> ecryptfs_hash_buckets) | 490 | while (ecryptfs_number_of_users >> ecryptfs_hash_bits) |
491 | ecryptfs_hash_buckets++; | 491 | ecryptfs_hash_bits++; |
492 | ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head) | 492 | ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head) |
493 | * ecryptfs_hash_buckets), GFP_KERNEL); | 493 | * (1 << ecryptfs_hash_bits)), |
494 | GFP_KERNEL); | ||
494 | if (!ecryptfs_daemon_hash) { | 495 | if (!ecryptfs_daemon_hash) { |
495 | rc = -ENOMEM; | 496 | rc = -ENOMEM; |
496 | printk(KERN_ERR "%s: Failed to allocate memory\n", __func__); | 497 | printk(KERN_ERR "%s: Failed to allocate memory\n", __func__); |
497 | mutex_unlock(&ecryptfs_daemon_hash_mux); | 498 | mutex_unlock(&ecryptfs_daemon_hash_mux); |
498 | goto out; | 499 | goto out; |
499 | } | 500 | } |
500 | for (i = 0; i < ecryptfs_hash_buckets; i++) | 501 | for (i = 0; i < (1 << ecryptfs_hash_bits); i++) |
501 | INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]); | 502 | INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]); |
502 | mutex_unlock(&ecryptfs_daemon_hash_mux); | 503 | mutex_unlock(&ecryptfs_daemon_hash_mux); |
503 | ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx) | 504 | ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx) |
@@ -554,7 +555,7 @@ void ecryptfs_release_messaging(void) | |||
554 | int i; | 555 | int i; |
555 | 556 | ||
556 | mutex_lock(&ecryptfs_daemon_hash_mux); | 557 | mutex_lock(&ecryptfs_daemon_hash_mux); |
557 | for (i = 0; i < ecryptfs_hash_buckets; i++) { | 558 | for (i = 0; i < (1 << ecryptfs_hash_bits); i++) { |
558 | int rc; | 559 | int rc; |
559 | 560 | ||
560 | hlist_for_each_entry(daemon, elem, | 561 | hlist_for_each_entry(daemon, elem, |