diff options
author | Tyler Hicks <tyhicks@linux.vnet.ibm.com> | 2009-08-11 01:36:32 -0400 |
---|---|---|
committer | Tyler Hicks <tyhicks@linux.vnet.ibm.com> | 2009-09-23 10:10:31 -0400 |
commit | b0105eaefa7cce8f4a941d0fc6354b250d30e745 (patch) | |
tree | 60bed48ff88aa22d9ee36b64d23421cf9e50d2a8 /fs | |
parent | 382684984e93039a3bbd83b04d341b0ceb831519 (diff) |
eCryptfs: Handle unrecognized tag 3 cipher codes
Returns an error when an unrecognized cipher code is present in a tag 3
packet or an ecryptfs_crypt_stat cannot be initialized. Also sets an
crypt_stat->tfm error pointer to NULL to ensure that it will not be
incorrectly freed in ecryptfs_destroy_crypt_stat().
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: ecryptfs-devel@lists.launchpad.net
Cc: stable <stable@kernel.org>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ecryptfs/crypto.c | 1 | ||||
-rw-r--r-- | fs/ecryptfs/keystore.c | 10 |
2 files changed, 8 insertions, 3 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 931f715827ac..f92370aa5704 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
@@ -795,6 +795,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) | |||
795 | kfree(full_alg_name); | 795 | kfree(full_alg_name); |
796 | if (IS_ERR(crypt_stat->tfm)) { | 796 | if (IS_ERR(crypt_stat->tfm)) { |
797 | rc = PTR_ERR(crypt_stat->tfm); | 797 | rc = PTR_ERR(crypt_stat->tfm); |
798 | crypt_stat->tfm = NULL; | ||
798 | ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " | 799 | ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " |
799 | "Error initializing cipher [%s]\n", | 800 | "Error initializing cipher [%s]\n", |
800 | crypt_stat->cipher); | 801 | crypt_stat->cipher); |
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index f9965139c430..3a61f056acf6 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
@@ -1316,8 +1316,10 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
1316 | rc = -EINVAL; | 1316 | rc = -EINVAL; |
1317 | goto out_free; | 1317 | goto out_free; |
1318 | } | 1318 | } |
1319 | ecryptfs_cipher_code_to_string(crypt_stat->cipher, | 1319 | rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, |
1320 | (u16)data[(*packet_size)]); | 1320 | (u16)data[(*packet_size)]); |
1321 | if (rc) | ||
1322 | goto out_free; | ||
1321 | /* A little extra work to differentiate among the AES key | 1323 | /* A little extra work to differentiate among the AES key |
1322 | * sizes; see RFC2440 */ | 1324 | * sizes; see RFC2440 */ |
1323 | switch(data[(*packet_size)++]) { | 1325 | switch(data[(*packet_size)++]) { |
@@ -1328,7 +1330,9 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
1328 | crypt_stat->key_size = | 1330 | crypt_stat->key_size = |
1329 | (*new_auth_tok)->session_key.encrypted_key_size; | 1331 | (*new_auth_tok)->session_key.encrypted_key_size; |
1330 | } | 1332 | } |
1331 | ecryptfs_init_crypt_ctx(crypt_stat); | 1333 | rc = ecryptfs_init_crypt_ctx(crypt_stat); |
1334 | if (rc) | ||
1335 | goto out_free; | ||
1332 | if (unlikely(data[(*packet_size)++] != 0x03)) { | 1336 | if (unlikely(data[(*packet_size)++] != 0x03)) { |
1333 | printk(KERN_WARNING "Only S2K ID 3 is currently supported\n"); | 1337 | printk(KERN_WARNING "Only S2K ID 3 is currently supported\n"); |
1334 | rc = -ENOSYS; | 1338 | rc = -ENOSYS; |