eCryptfs: Sanitize write counts of /dev/ecryptfs
authorTyler Hicks <tyhicks@canonical.com>
Thu, 12 Jan 2012 10:30:44 +0000 (11:30 +0100)
committerSimone Willett <swillett@nvidia.com>
Fri, 10 Feb 2012 02:19:58 +0000 (18:19 -0800)
commit59f421c67d1dd3f5f065bff8f2f83088527f2752
tree53fe42bfbba25feff5f0f28244ac31d50029da47
parentaabe1fc475ab7121bd0d9503a6cd65bad01ebda6
eCryptfs: Sanitize write counts of /dev/ecryptfs

commit db10e556518eb9d21ee92ff944530d84349684f4 upstream.

A malicious count value specified when writing to /dev/ecryptfs may
result in a a very large kernel memory allocation.

This patch peeks at the specified packet payload size, adds that to the
size of the packet headers and compares the result with the write count
value. The resulting maximum memory allocation size is approximately 532
bytes.

Change-Id: I4fe5831fb58f9de76c81aa4b60efa93cb100dab8
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Reviewed-on: http://git-master/r/79648
Reviewed-by: Automatic_Commit_Validation_User
fs/ecryptfs/miscdev.c