[PATCH 3.16.y-ckt 155/216] eCryptfs: Remove buggy and unnecessary write in file name decode routine

Mon Jan 12 18:28:53 UTC 2015

3.16.7-ckt4 -stable review patch.  If anyone has any objections, please let me know.

------------------

From: Michael Halcrow <mhalcrow at google.com>

commit 942080643bce061c3dd9d5718d3b745dcb39a8bc upstream.

Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the
end of the allocated buffer during encrypted filename decoding. This
fix corrects the issue by getting rid of the unnecessary 0 write when
the current bit offset is 2.

Signed-off-by: Michael Halcrow <mhalcrow at google.com>
Reported-by: Dmitry Chernenkov <dmitryc at google.com>
Suggested-by: Kees Cook <keescook at chromium.org>
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 fs/ecryptfs/crypto.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 2f6735dbf1a9..31b148f3e772 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1917,7 +1917,6 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
 			break;
 		case 2:
 			dst[dst_byte_offset++] |= (src_byte);
-			dst[dst_byte_offset] = 0;
 			current_bit_offset = 0;
 			break;
 		}
-- 
2.1.4



