ecryptfs team mailing list archive

Thread
Date

[Bug 401810] Re: Check max buffer lengths when parsing metadata packets

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxx>
Date: Tue, 21 Jul 2009 15:31:51 -0000
Reply-to: Bug 401810 <401810@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Updating this patch due to an small error.  "goto out;" was changed to
"goto out_free;".

** Attachment removed: "[PATCH] eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size"
   http://launchpadlibrarian.net/29290156/0001-eCryptfs-parse_tag_3_packet-check-tag-3-packet-encr.patch

** Attachment added: "[PATCH 2/2] eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size"
   http://launchpadlibrarian.net/29330251/0002-eCryptfs-parse_tag_3_packet-check-tag-3-packet-encr.patch

-- 
Check max buffer lengths when parsing metadata packets
https://bugs.launchpad.net/bugs/401810
You received this bug notification because you are a member of eCryptfs,
which is a direct subscriber.

Status in eCryptfs - Enterprise Cryptographic Filesystem: In Progress
Status in “ecryptfs-utils” package in Ubuntu: In Progress

Bug description:
Each eCryptfs file has metadata associated with it that is normally stored in the header of the file.  The metadata is stored in "packet" form according to RFC 2440 "OpenPGP Message Format".    Each packet has a header section itself, which has fields such as the packet length.  When reading the packet contents, the packet length field is used for the memcpy to the destination buffer but is not checked against the size of the destination buffer.  This could result in a buffer overflow if a malicious user hand-modifies the packet length field.

References

[Bug 401810] [NEW] Check max buffer lengths when parsing metadata packets
From: Tyler Hicks, 2009-07-20