fix-ecryptfs-packet-parsing

   1 ext4: Fix eCryptfs key packet parsing
   2
   3 From: Michael Halcrow <mhalcrow@google.com>
   4
   5 Note that the eCryptfs key packet code is temporary. We're going to be
   6 changing the format of the key material passed to ext4 via the
   7 keyring.
   8
   9 That said, this temporary code is broken because I copied the wrong
  10 code from eCryptfs (d'oh!), so this patch fixes it. The bits just so
  11 happened to be twiddled in the right way to make it past the type and
  12 flag checks.
  13
  14 (Ildar, sorry you had to bang your head against this issue today...)
  15
  16 Signed-off-by: Ildar Muslukhov <ildarm@google.com>
  17 Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  18 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  19 ---
  20  fs/ext4/crypto.c | 12 +++++++++---
  21  1 file changed, 9 insertions(+), 3 deletions(-)
  22
  23 diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c
  24 index 0a4d9fb..d655a64 100644
  25 --- a/fs/ext4/crypto.c
  26 +++ b/fs/ext4/crypto.c
  27 @@ -563,13 +563,11 @@ static int ext4_get_wrapping_key_from_keyring(
  28         const char sig[EXT4_WRAPPING_KEY_SIG_NULL_TERMINATED_SIZE])
  29  {
  30         struct key *create_key;
  31 -       struct encrypted_key_payload *payload;
  32         struct ecryptfs_auth_tok *auth_tok;
  33
  34         create_key = request_key(&key_type_user, sig, NULL);
  35         if (WARN_ON_ONCE(IS_ERR(create_key)))
  36                 return -ENOENT;
  37 -       payload = (struct encrypted_key_payload *)create_key->payload.data;
  38         if (WARN_ON_ONCE(create_key->datalen !=
  39                          sizeof(struct ecryptfs_auth_tok))) {
  40                 printk(KERN_ERR
  41 @@ -578,7 +576,15 @@ static int ext4_get_wrapping_key_from_keyring(
  42                        sizeof(struct ecryptfs_auth_tok));
  43                 return -EINVAL;
  44         }
  45 -       auth_tok = (struct ecryptfs_auth_tok *)(&(payload)->payload_data);
  46 +       if (create_key->type == &key_type_encrypted) {
  47 +               auth_tok = (struct ecryptfs_auth_tok *)
  48 +                       (&((struct encrypted_key_payload *)
  49 +                          create_key->payload.data)->payload_data);
  50 +       } else {
  51 +               auth_tok = (struct ecryptfs_auth_tok *)
  52 +                       (&((struct user_key_payload *)
  53 +                          create_key->payload.data)->data);
  54 +       }
  55         if (WARN_ON_ONCE(!(auth_tok->token.password.flags &
  56                            ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET))) {
  57                 printk(KERN_ERR
  58 --
  59 2.1.0.rc2.206.gedb03e5
  60
  61