From patchwork Thu Aug 11 07:39:44 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Johansen X-Patchwork-Id: 109559 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id 501FEB6F8E for ; Thu, 11 Aug 2011 17:40:28 +1000 (EST) Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1QrPsJ-00064t-IH; Thu, 11 Aug 2011 07:40:19 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1QrPsH-00064O-PL for kernel-team@lists.ubuntu.com; Thu, 11 Aug 2011 07:40:17 +0000 Received: from 72-254-11-95.client.stsn.net ([72.254.11.95] helo=canonical.com) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1QrPsH-00053a-BO for kernel-team@lists.ubuntu.com; Thu, 11 Aug 2011 07:40:17 +0000 From: John Johansen To: kernel-team@lists.ubuntu.com Subject: [PATCH 2/2] [oneiric CVE 2/2] Change check_ruid flag to a more reasonable type Date: Thu, 11 Aug 2011 00:39:44 -0700 Message-Id: <1313048384-22901-3-git-send-email-john.johansen@canonical.com> X-Mailer: git-send-email 1.7.5.4 In-Reply-To: <1313048384-22901-1-git-send-email-john.johansen@canonical.com> References: <1313048384-22901-1-git-send-email-john.johansen@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.13 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: kernel-team-bounces@lists.ubuntu.com Errors-To: kernel-team-bounces@lists.ubuntu.com The first interation of the patch for the check ruid flag at mount time flag returned a full uid. However the revised patch used the check_ruid parameter solely as a boolean flag, but missed fixing the parameters type. Change the parameter type to int instead of uid_t. CVE-2011-1833 BugLink: http://bugs.launchpad.net/bugs/732628 Signed-off-by: John Johansen --- fs/ecryptfs/main.c | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 703cda3..27df5b5 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c @@ -255,7 +255,7 @@ static void ecryptfs_init_mount_crypt_stat( * Returns zero on success; non-zero on error */ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options, - uid_t *check_ruid) + int *check_ruid) { char *p; int rc = 0; @@ -484,8 +484,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags const char *err = "Getting sb failed"; struct inode *inode; struct path path; - uid_t check_ruid; - int rc; + int rc, check_ruid; sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL); if (!sbi) {