eCryptfs: Infinite loop due to overflow in ecryptfs_write()

Bug #947143 reported by Colin Ian King on 2012-03-05
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Colin Ian King
Natty
Undecided
Colin Ian King
Oneiric
Undecided
Unassigned

Bug Description

SRU justification: (Natty)

Impact:

ecryptfs_write() can enter an infinite loop when truncating a file to a
size larger than 4G. This only happens on architectures where size_t is
represented by 32 bits.

This was caused by a size_t overflow due to it incorrectly being used to
store the result of a calculation which uses potentially large values of
type loff_t.

Fix:

Upstream commit 684a3ff7e69acc7c678d1a1394fe9e757993fd34

Testcase:

Truncating a non-existent file to 5GB on a 32 bit system
will cause the truncate to get stuck in an infinite loop
once the lower file is greater than 1GB. Without the fix,
the following will get stuck:

truncate bigfile -s 5G

With, the fix, the file is truncated to 5GB as expected.

Changed in linux (Ubuntu):
assignee: nobody → Colin King (colin-king)

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 947143

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Tim Gardner (timg-tpi) wrote :

Released with Ubuntu-2.6.38-13.57

Changed in linux (Ubuntu Natty):
status: New → Fix Released
Changed in linux (Ubuntu Oneiric):
status: New → Fix Released
Tim Gardner (timg-tpi) wrote :

Released with Linux 3.0.21

Changed in linux (Ubuntu):
status: Incomplete → Fix Released
Herton R. Krzesinski (herton) wrote :

This bug is awaiting verification that the kernel for Natty in -proposed solves the problem (2.6.38-13.57). Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-natty' to 'verification-done-natty'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-natty
Changed in linux (Ubuntu Natty):
status: Fix Released → Fix Committed
assignee: nobody → Colin King (colin-king)
Colin Ian King (colin-king) wrote :

Tested and passed on Natty -proposed i386

tags: added: verification-done-natty
removed: verification-needed-natty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.38-13.57

---------------
linux (2.6.38-13.57) natty-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #947254

  [ Upstream Kernel Changes ]

  * KVM: Device assignment permission checks
    - LP: #897812
    - CVE-2011-4347
  * HID: hid-apple: add device ID of another wireless aluminium
    - LP: #942184
  * eCryptfs: Extend array bounds for all filename chars
    - LP: #944990
  * eCryptfs: Remove extra d_delete in ecryptfs_rmdir
    - LP: #723518
  * eCryptfs: Clear i_nlink in rmdir
    - LP: #723518
  * ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID
    - LP: #943815
  * eCryptfs: Sanitize write counts of /dev/ecryptfs
    - LP: #947075
  * eCryptfs: Infinite loop due to overflow in ecryptfs_write()
    - LP: #947143
 -- Herton Ronaldo Krzesinski <email address hidden> Mon, 05 Mar 2012 13:28:11 -0300

Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers