eCryptfs: Remove buggy and unnecessary write in file name decode routine

commit 94208064 upstream. Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the end of the allocated buffer during encrypted filename decoding. This fix corrects the issue by getting rid of the unnecessary 0 write when the current bit offset is 2. Signed-off-by: Michael Halcrow <mhalcrow@google.com> Reported-by: Dmitry Chernenkov <dmitryc@google.com> Suggested-by: Kees Cook <keescook@chromium.org> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> CVE-2014-9683 Signed-off-by: Willy Tarreau <w@1wt.eu>

eCryptfs: Remove buggy and unnecessary write in file name decode routine
commit 94208064 upstream. Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the end of the allocated buffer during encrypted filename decoding. This fix corrects the issue by getting rid of the unnecessary 0 write when the current bit offset is 2. Signed-off-by: Michael Halcrow <mhalcrow@google.com> Reported-by: Dmitry Chernenkov <dmitryc@google.com> Suggested-by: Kees Cook <keescook@chromium.org> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> CVE-2014-9683 Signed-off-by: Willy Tarreau <w@1wt.eu>
f9e6d14d · Michael Halcrow · Willy Tarreau · 624f4cea · f9e6d14d
Commit f9e6d14d authored Nov 26, 2014 by Michael Halcrow Committed by Willy Tarreau Sep 18, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 1 deletion

fs/ecryptfs/crypto.c fs/ecryptfs/crypto.c +0 -1

No files found.
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -2088,7 +2088,6 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
 			break;
 		case 2:
 			dst[dst_byte_offset++] |= (src_byte);
-			dst[dst_byte_offset] = 0;
 			current_bit_offset = 0;
 			break;
 		}