[PATCH] ecryptfs: keystore: Fix a buffer overrun in write_tag_66_packet()

From: Yiyuan Guo
Date: Fri Jun 30 2023 - 05:12:31 EST


The encrypted key of a TAG 66 Packet includes 1 byte cipher code and 2
byte checksum, but the allocation size `data_len` ignores the extra 3
bytes. Fix the allocation size to avoid buffer overrun.

Signed-off-by: Yiyuan Guo <yguoaz@xxxxxxxxx>
---
fs/ecryptfs/keystore.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 2452d6fd7062..5cab0b800a03 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -302,7 +302,7 @@ write_tag_66_packet(char *signature, u8 cipher_code,
* | File Encryption Key Size | 1 or 2 bytes |
* | File Encryption Key | arbitrary |
*/
- data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size);
+ data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size + 3);
*packet = kmalloc(data_len, GFP_KERNEL);
message = *packet;
if (!message) {
--
2.25.1