diff options
author | Eric Biggers <ebiggers@google.com> | 2016-09-15 19:32:11 +0200 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2016-09-15 19:32:11 +0200 |
commit | 8f39850dffa9cba0f6920ff907710bcddc7f2a26 (patch) | |
tree | 981f9f701c25c4bf160fae1101476a5f516f5a03 /fs/crypto/crypto.c | |
parent | ext4: fix memory leak when symlink decryption fails (diff) | |
download | linux-8f39850dffa9cba0f6920ff907710bcddc7f2a26.tar.xz linux-8f39850dffa9cba0f6920ff907710bcddc7f2a26.zip |
fscrypto: improved validation when loading inode encryption metadata
- Validate fscrypt_context.format and fscrypt_context.flags. If
unrecognized values are set, then the kernel may not know how to
interpret the encrypted file, so it should fail the operation.
- Validate that AES_256_XTS is used for contents and that AES_256_CTS is
used for filenames. It was previously possible for the kernel to
accept these reversed, though it would have taken manual editing of
the block device. This was not intended.
- Fail cleanly rather than BUG()-ing if a file has an unexpected type.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'fs/crypto/crypto.c')
0 files changed, 0 insertions, 0 deletions