[PATCH 5.4 04/47] ext4: prevent creating duplicate encrypted filenames

From: Greg Kroah-Hartman
Date: Mon Jan 04 2021 - 11:13:03 EST

From: Eric Biggers <ebiggers@xxxxxxxxxx>

commit 75d18cd1868c2aee43553723872c35d7908f240f upstream.

As described in "fscrypt: add fscrypt_is_nokey_name()", it's possible to
create a duplicate filename in an encrypted directory by creating a file
concurrently with adding the directory's encryption key.

Fix this bug on ext4 by rejecting no-key dentries in ext4_add_entry().

Note that the duplicate check in ext4_find_dest_de() sometimes prevented
this bug. However in many cases it didn't, since ext4_find_dest_de()
doesn't examine every dentry.

Fixes: 4461471107b7 ("ext4 crypto: enable filename encryption")
Cc: stable@xxxxxxxxxxxxxxx
Link: https://lore.kernel.org/r/20201118075609.120337-3-ebiggers@xxxxxxxxxx
Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
fs/ext4/namei.c | 3 +++
1 file changed, 3 insertions(+)

--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -2192,6 +2192,9 @@ static int ext4_add_entry(handle_t *hand
if (!dentry->d_name.len)
return -EINVAL;

+ if (fscrypt_is_nokey_name(dentry))
+ return -ENOKEY;
if (ext4_has_strict_mode(sbi) && IS_CASEFOLDED(dir) &&
sbi->s_encoding && utf8_validate(sbi->s_encoding, &dentry->d_name))