ecryptfs team mailing list archive

[Bug 345766] Re: NULL crypt_stat dereference during lookup

---
Subject: [PATCH] eCryptfs: NULL crypt_stat dereference during lookup

If ecryptfs_encrypted_view or ecryptfs_xattr_metadata were being
specified as mount options, a NULL pointer dereference was possible
during lookup.

This patch moves the crypt_stat assignment into
ecryptfs_lookup_and_interpose_lower(), ensuring that crypt_stat
will not be NULL before we attempt to dereference it.

Thanks to Dan Carpenter and his static analysis tool, smatch, for
finding this bug.

Signed-off-by: Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxx>
---

Sent upstream: http://thread.gmane.org/gmane.linux.kernel/809706

** Attachment added: "[PATCH] eCryptfs: NULL crypt_stat dereference during lookup"
   http://launchpadlibrarian.net/24142245/0002-eCryptfs-NULL-crypt_stat-dereference-during-lookup.patch

** Changed in: ecryptfs
   Importance: Undecided => High
     Assignee: (unassigned) => Tyler Hicks (tyhicks)
       Status: New => In Progress

** Also affects: ecryptfs-utils (Ubuntu)
   Importance: Undecided
       Status: New

-- 
NULL crypt_stat dereference during lookup
https://bugs.launchpad.net/bugs/345766

Status in eCryptfs - Enterprise Cryptographic Filesystem: In Progress
Status in “ecryptfs-utils” source package in Ubuntu: New

Bug description:
If ecryptfs_encrypted_view or ecryptfs_xattr_metadata is being specified as mount options, a NULL pointer dereference is possible during lookup.

Reproduce:
---
# mount -t ecryptfs lower upper 
# touch upper/oops
# umount upper
# mount -t ecryptfs lower upper -o ecryptfs_encrypted_view
# ls upper/
---

You should have seen an oops after running `ls`.