eCryptfs: Infinite loop due to overflow in ecryptfs_write()
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Fix Released | Undecided | Colin Ian King | |
Natty | Fix Released | Undecided | Colin Ian King | |
Oneiric | Fix Released | Undecided | Unassigned | |
Bug Description
SRU justification: (Natty)
Impact:
ecryptfs_write() can enter an infinite loop when truncating a file to a
size larger than 4G. This only happens on architectures where size_t is
represented by 32 bits.
This was caused by a size_t overflow due to it incorrectly being used to
store the result of a calculation which uses potentially large values of
type loff_t.
Fix:
Upstream commit 684a3ff7e69acc7
Testcase:
Truncating a non-existent file to 5GB on a 32 bit system
will cause the truncate to get stuck in an infinite loop
once the lower file is greater than 1GB. Without the fix,
the following will get stuck:
truncate bigfile -s 5G
With the fix, the file is truncated to 5GB as expected.
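The overflow described in the report above can be modelled in user space. This is an added example, not part of the original report and not the kernel's ecryptfs_write() code; the function names, the 4096-byte page size and the use of uint32_t to stand in for a 32-bit size_t are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SZ 4096u          /* assumed page size for the model */
#define NO_STALL (-1)

/* Bytes to handle in this iteration, with the remaining count stored in a
 * 32-bit variable (the width of size_t on the affected architectures). */
static uint32_t step_narrow(int64_t pos, int64_t end)
{
    uint32_t num = PAGE_SZ - (uint32_t)(pos & (PAGE_SZ - 1));
    uint32_t remaining = (uint32_t)(end - pos);   /* wraps modulo 4G */
    return num > remaining ? remaining : num;
}

/* Same calculation with the remaining count kept 64 bits wide (loff_t-sized). */
static uint32_t step_wide(int64_t pos, int64_t end)
{
    uint32_t num = PAGE_SZ - (uint32_t)(pos & (PAGE_SZ - 1));
    int64_t remaining = end - pos;
    return (int64_t)num > remaining ? (uint32_t)remaining : num;
}

/* Walk pos from 0 to end. Returns NO_STALL on completion, or the position
 * at which an iteration made no progress (a real loop would spin there). */
static int64_t walk(int64_t end, uint32_t (*step)(int64_t, int64_t))
{
    int64_t pos = 0;
    while (pos < end) {
        uint32_t n = step(pos, end);
        if (n == 0)
            return pos;        /* zero-byte step: pos can never advance */
        pos += n;
    }
    return NO_STALL;
}

int main(void)
{
    const int64_t five_gb = 5LL << 30;   /* size from: truncate bigfile -s 5G */
    printf("32-bit remaining: %lld\n", (long long)walk(five_gb, step_narrow));
    printf("64-bit remaining: %lld\n", (long long)walk(five_gb, step_wide));
    return 0;
}
```

In the model, the narrow version stops making progress at the 1 GiB position for a 5 GiB target, because the 4 GiB still outstanding wraps to zero in 32 bits; targets below 4 GiB complete with either version.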
Changed in linux (Ubuntu):
assignee: nobody → Colin King (colin-king)
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 947143
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.