NULL crypt_stat dereference during lookup
Bug #345766 reported by
Tyler Hicks
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eCryptfs |
Fix Released
|
High
|
Tyler Hicks | ||
ecryptfs-utils (Ubuntu) |
Invalid
|
Undecided
|
Dustin Kirkland | ||
Jaunty |
Invalid
|
Undecided
|
Dustin Kirkland | ||
linux (Ubuntu) |
Fix Released
|
Medium
|
Tim Gardner | ||
Jaunty |
Fix Released
|
Medium
|
Tim Gardner |
Bug Description
If ecryptfs_
Reproduce:
---
# mount -t ecryptfs lower upper
# touch upper/oops
# umout upper
# mount -t ecryptfs lower upper -o ecryptfs_
# ls upper/
---
You should have seen an oops after running `ls`.
Changed in linux (Ubuntu): | |
assignee: | nobody → timg-tpi |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in linux (Ubuntu Jaunty): | |
milestone: | none → ubuntu-9.04 |
To post a comment you must log in.
---
Subject: [PATCH] eCryptfs: NULL crypt_stat dereference during lookup
If ecryptfs_ encrypted_ view or ecryptfs_ xattr_metadata were being
specified as mount options, a NULL pointer dereference was possible
during lookup.
This patch moves the crypt_stat assignment into lookup_ and_interpose_ lower() , ensuring that crypt_stat
ecryptfs_
will not be NULL before we attempt to dereference it.
Thanks to Dan Carpenter and his static analysis tool, smatch, for
finding this bug.
Signed-off-by: Tyler Hicks <email address hidden>
---
Sent upstream: http:// thread. gmane.org/ gmane.linux. kernel/ 809706