ubifs: check for consistent encryption contexts in ubifs_lookup()

As ext4 and f2fs do, ubifs should check for consistent encryption
contexts during ->lookup() in an encrypted directory.  This protects
certain users of filesystem encryption against certain types of offline
attacks.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
This commit is contained in:
Eric Biggers 2017-04-07 10:58:40 -07:00 committed by Theodore Ts'o
parent faac7fd97e
commit 413d5a9edb
1 changed files with 11 additions and 0 deletions

View File

@ -285,6 +285,15 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
goto out_dent;
}
if (ubifs_crypt_is_encrypted(dir) &&
(S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
!fscrypt_has_permitted_context(dir, inode)) {
ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
dir->i_ino, inode->i_ino);
err = -EPERM;
goto out_inode;
}
done:
kfree(dent);
fscrypt_free_filename(&nm);
@ -295,6 +304,8 @@ done:
d_add(dentry, inode);
return NULL;
out_inode:
iput(inode);
out_dent:
kfree(dent);
out_fname: