ecryptfs: Bugfix for error related to ecryptfs_hash_buckets
The function ecryptfs_uid_hash wrongly assumes that the second parameter to hash_long() is the number of hash buckets instead of the number of hash bits. This patch fixes that and renames the variable ecryptfs_hash_buckets to ecryptfs_hash_bits to make it clearer. Fixes: CVE-2010-2492 Signed-off-by: Andre Osterhues <aosterhues@escrypt.com> Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
6c50e1a49b
commit
a6f80fb7b5
|
@ -31,9 +31,9 @@ static struct mutex ecryptfs_msg_ctx_lists_mux;
|
||||||
|
|
||||||
static struct hlist_head *ecryptfs_daemon_hash;
|
static struct hlist_head *ecryptfs_daemon_hash;
|
||||||
struct mutex ecryptfs_daemon_hash_mux;
|
struct mutex ecryptfs_daemon_hash_mux;
|
||||||
static int ecryptfs_hash_buckets;
|
static int ecryptfs_hash_bits;
|
||||||
#define ecryptfs_uid_hash(uid) \
|
#define ecryptfs_uid_hash(uid) \
|
||||||
hash_long((unsigned long)uid, ecryptfs_hash_buckets)
|
hash_long((unsigned long)uid, ecryptfs_hash_bits)
|
||||||
|
|
||||||
static u32 ecryptfs_msg_counter;
|
static u32 ecryptfs_msg_counter;
|
||||||
static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
|
static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
|
||||||
|
@ -486,18 +486,19 @@ int ecryptfs_init_messaging(void)
|
||||||
}
|
}
|
||||||
mutex_init(&ecryptfs_daemon_hash_mux);
|
mutex_init(&ecryptfs_daemon_hash_mux);
|
||||||
mutex_lock(&ecryptfs_daemon_hash_mux);
|
mutex_lock(&ecryptfs_daemon_hash_mux);
|
||||||
ecryptfs_hash_buckets = 1;
|
ecryptfs_hash_bits = 1;
|
||||||
while (ecryptfs_number_of_users >> ecryptfs_hash_buckets)
|
while (ecryptfs_number_of_users >> ecryptfs_hash_bits)
|
||||||
ecryptfs_hash_buckets++;
|
ecryptfs_hash_bits++;
|
||||||
ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head)
|
ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head)
|
||||||
* ecryptfs_hash_buckets), GFP_KERNEL);
|
* (1 << ecryptfs_hash_bits)),
|
||||||
|
GFP_KERNEL);
|
||||||
if (!ecryptfs_daemon_hash) {
|
if (!ecryptfs_daemon_hash) {
|
||||||
rc = -ENOMEM;
|
rc = -ENOMEM;
|
||||||
printk(KERN_ERR "%s: Failed to allocate memory\n", __func__);
|
printk(KERN_ERR "%s: Failed to allocate memory\n", __func__);
|
||||||
mutex_unlock(&ecryptfs_daemon_hash_mux);
|
mutex_unlock(&ecryptfs_daemon_hash_mux);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
for (i = 0; i < ecryptfs_hash_buckets; i++)
|
for (i = 0; i < (1 << ecryptfs_hash_bits); i++)
|
||||||
INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]);
|
INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]);
|
||||||
mutex_unlock(&ecryptfs_daemon_hash_mux);
|
mutex_unlock(&ecryptfs_daemon_hash_mux);
|
||||||
ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx)
|
ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx)
|
||||||
|
@ -554,7 +555,7 @@ void ecryptfs_release_messaging(void)
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
mutex_lock(&ecryptfs_daemon_hash_mux);
|
mutex_lock(&ecryptfs_daemon_hash_mux);
|
||||||
for (i = 0; i < ecryptfs_hash_buckets; i++) {
|
for (i = 0; i < (1 << ecryptfs_hash_bits); i++) {
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
hlist_for_each_entry(daemon, elem,
|
hlist_for_each_entry(daemon, elem,
|
||||||
|
|
Loading…
Reference in New Issue