[PATCH] eCryptfs: infinite loop bug
From: Li Wang
Date: Wed Jan 18 2012 - 02:42:41 EST
Hi,
There is an infinite loop bug in eCryptfs, to make it present,
just truncate to generate a huge file (>= 4G) on a 32-bit machine
under the plain text foleder mounted with eCryptfs, a simple command
'truncate -s 4G dummy' is enough. Note: 4GB is smaller than 4G,
therefore the following command 'truncate -s 4GB dummy' will not trigger this bug.
The bug comes from a data overflow, the patch below fixes it.
Cheers,
Li Wang
---
signed-off-by: Li Wang <liwang@xxxxxxxxxxx >
Yunchuan Wen (wenyunchuan@xxxxxxxxxxxxxx )
--- read_write.c.orig 2012-01-18 10:39:26.000000000 +0800
+++ read_write.c 2012-01-18 19:48:41.484196221 +0800
@@ -130,7 +130,7 @@ int ecryptfs_write(struct inode *ecryptf
pgoff_t ecryptfs_page_idx = (pos >> PAGE_CACHE_SHIFT);
size_t start_offset_in_page = (pos & ~PAGE_CACHE_MASK);
size_t num_bytes = (PAGE_CACHE_SIZE - start_offset_in_page);
- size_t total_remaining_bytes = ((offset + size) - pos);
+ loff_t total_remaining_bytes = ((offset + size) - pos);
if (num_bytes > total_remaining_bytes)
num_bytes = total_remaining_bytes;
--- read_write.c.orig 2012-01-18 10:39:26.000000000 +0800
+++ read_write.c 2012-01-18 19:48:41.484196221 +0800
@@ -130,7 +130,7 @@ int ecryptfs_write(struct inode *ecryptf
pgoff_t ecryptfs_page_idx = (pos >> PAGE_CACHE_SHIFT);
size_t start_offset_in_page = (pos & ~PAGE_CACHE_MASK);
size_t num_bytes = (PAGE_CACHE_SIZE - start_offset_in_page);
- size_t total_remaining_bytes = ((offset + size) - pos);
+ loff_t total_remaining_bytes = ((offset + size) - pos);
if (num_bytes > total_remaining_bytes)
num_bytes = total_remaining_bytes;
N嫥叉靣笡y氊b瞂千v豝?藓{.n?壏{睉赙zXФ�洝塄}财爖?j:+v墾?珣赙zZ+€?zf"穐殘啳嗃i?鄗?畐ア?櫒璀??撷�f旟^j谦y呩@A玜囤?0鹅h?鍜i