ecryptfs: Could not parse tag 70 packet from filename

Bug #357345 reported by Dustin Kirkland  on 2009-04-07
24
This bug affects 2 people
Affects Status Importance Assigned to Milestone
eCryptfs
Medium
Tyler Hicks
linux (Ubuntu)
Undecided
Unassigned
Jaunty
Medium
Tim Gardner

Bug Description

My dmesg is flooded with these on an up-to-date jaunty kernel.

[ 45.653441] ecryptfs_parse_tag_70_packet: max_packet_size is [56]; real packet size is [51]
[ 45.653444] ecryptfs_decode_and_decrypt_filename: Could not parse tag 70 packet from filename; copying through filename as-is

This was initially reported in Bug #331082. I'm opening here because it's a separate issue.

Looking at the underlying data, I cannot find any non-encrypted filenames.

Furthermore, I don't see any encrypted filenames in my cleartext mountpoint.

Please let me know how I can help debug this issue, Tyler.

:-Dustin

Changed in linux (Ubuntu):
assignee: nobody → tyhicks
importance: Undecided → Medium
status: New → Confirmed
Tyler Hicks (tyhicks) wrote :

Please apply this patch, reproduce and let me know what filename(s) are causing this issue.

Tyler Hicks (tyhicks) on 2009-04-16
Changed in ecryptfs:
assignee: nobody → tyhicks
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: Confirmed → In Progress
Dustin Kirkland  (kirkland) wrote :

Assigned the Linux task to Tim Gardner. Nominating for Jaunty SRU, hopefully this will make it into a Jaunty update kernel. Definitely not an RC blocker.

:-Dustin

Changed in linux (Ubuntu):
assignee: Tyler Hicks (tyhicks) → Tim Gardner (timg-tpi)
Tyler Hicks (tyhicks) wrote :

I meant to mention that this condition looks to be harmless. I was finally able to reproduce it on my system while building the kernel in an eCryptfs mount. make seemed to handle this correctly by passing a larger bufsiz to readlink() after receiving the truncated, encrypted target. I haven't heard of any application failures from this.

Tim Gardner (timg-tpi) on 2009-04-17
summary: - Could not parse tag 70 packet from filename
+ ecryptfs: Could not parse tag 70 packet from filename
Tim Gardner (timg-tpi) wrote :

SRU Justification

Impact: Soft linked file names can produce alarming warnings in dmesg
(and are not actually encrypted, thereby leaking information)

Patch: http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=commit;h=a63b7d7beeaa1f8f33369cab6419831fa8991e40

Patch Description: When using filename encryption with eCryptfs, the value of the symlink in the lower filesystem is encrypted and stored as a Tag 70 packet. This results in a longer symlink target than if the target value wasn't encrypted.

Test Case: dmesg flood stops

Changed in linux (Ubuntu Jaunty):
milestone: none → jaunty-updates
status: In Progress → Fix Committed
Tyler Hicks (tyhicks) wrote :
Changed in ecryptfs:
status: In Progress → Fix Committed
Tim Gardner (timg-tpi) wrote :

It's in Linus tree, so I think we can consider the patch effectively released.

Changed in linux (Ubuntu):
assignee: Tim Gardner (timg-tpi) → nobody
importance: Medium → Undecided
milestone: jaunty-updates → none
status: Fix Committed → Fix Released
Tyler Hicks (tyhicks) wrote :
Changed in ecryptfs:
status: Fix Committed → Fix Released
Steve Langasek (vorlon) wrote :

Accepted linux into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.28-13.44

---------------
linux (2.6.28-13.44) jaunty-proposed; urgency=low

  [ Stefan Bader ]

  * Revert "SAUCE: [jaunty] ALSA: Add retry for Intel8x0 clock measurement"
  * Revert "SAUCE: [jaunty] ALSA: Fix clock and buffer calculations for
    Intel8x0"
  * Revert "SAUCE: [jaunty] ALSA: Fix buffer positions and checks"

linux (2.6.28-12.43) jaunty-proposed; urgency=low

  [ Amit Kucheria ]

  * Enable SYN_COOKIES for iop32x and versatile flavours
    - LP: #361687
  * SAUCE: Quirk for BT USB device on MacbookPro to be reset before use
    - LP: #332443

  [ Brad Figg ]

  * [jaunty] Add missing mvsas (Marvel SAS 6440) module configuration.
    - LP: #352336

  [ Chuck Short ]

  * SAUCE: [USB] Unusual Device support for Gold MP3 Player Energy
    - LP: #125250

  [ Daniel T Chen ]

  * SAUCE: [jaunty] ALSA: Fix buffer positions and checks
    - LP: #345627
  * SAUCE: [jaunty] ALSA: Fix clock and buffer calculations for Intel8x0
    - LP: #345627
  * SAUCE: [jaunty] ALSA: Add retry for Intel8x0 clock measurement
    - LP: #345627

  [ Luke Yelavich ]

  * disable CONFIG_SND_HDA_INPUT_BEEP on amd64 and i386
    - LP: #331589

  [ Makito SHIOKAWA ]

  * [ARM] 5404/1: Fix condition in arm_elf_read_implies_exec() to set
    READ_IMPLIES_EXEC
    - LP: #364358

  [ Manoj Iyer ]

  * SAUCE: Added quirk to fix key release for Samsung NC20
    - LP: #360247

  [ Oleg Nesterov ]

  * posix timers: fix RLIMIT_CPU && fork()
    - LP: #361508

  [ Scott James Remnant ]

  * [Config] Disable libusual and the ub driver
    - LP: #364538

  [ Stefan Bader ]

  * Disable unwanted staging builds
    - LP: #366144
  * Remove prism2_usb driver from ubuntu and use the one from staging
    - LP: #325366
  * SAUCE: Make rtl8187se depend on WIRELESS_EXT
    - LP: #366144
  * Disable CONFIG_RTL8187SE for armel.versatile
    - LP: #366144

  [ Tejun Heo ]

  * libata: handle SEMB signature better
    - LP: #257790

  [ Tim Gardner ]

  * Set USB_SERIAL=m for i386/amd64
    - LP: #345002
  * SAUCE: Jaunty - aic79xx - set reset delay to 5 seconds, down from 15.
    - LP: #79542
  * SAUCE: (drop after 2.6.28) Wifi suspend/resume scan timeout fixes
    - LP: #336055
  * Sony laptop: Sony Vaio laptops do not enable wwan power by default.
    - LP: #364678

  [ Tyler Hicks ]

  * SAUCE: (drop after 2.6.28) eCryptfs: Larger buffer for encrypted
    symlink targets
    - LP: #357345

  [ Upstream Kernel Changes ]

  * V4L/DVB (9999): gspca - zc3xx: Webcam 046d:089d added.
    - LP: #326674
  * V4L/DVB (10044): gspca - pac7311: Webcam 093a:2620 added.
    - LP: #363195
  * hwmon: (it87) Add support for the ITE IT8720F
    - LP: #357766
  * vgacon: Return the upper half of 512 character fonts
    - LP: #355057
  * drm/i915: add support for G41 chipset
    - LP: #365958

 -- Stefan Bader <email address hidden> Mon, 25 May 2009 17:30:40 +0200

Changed in linux (Ubuntu Jaunty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers