fscrypto: CVE-2016-10318

fscrypto: add authorization check for setting encryption policy

References:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.1.y&id=e68557814c7e9e4943caca924ff5537952bb3b4e

Change-Id: I83ba398899b937d26ebd7955c390981b779b6e16
Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>

2 files changed, 53 insertions, 0 deletions

diff --git a/patches/cve/4.1.x.scc b/patches/cve/4.1.x.scc
index 8b5a52f..47341b8 100644
--- a/patches/cve/4.1.x.scc
+++ b/patches/cve/4.1.x.scc
@@ -31,3 +31,6 @@ patch CVE-2017-17806-crypto-hmac-require-that-the-underlying-hash-algorit.patch
 patch CVE-2017-6346-packet-fix-races-in-fanout_add.patch
 patch CVE-2017-7184-xfrm_user-validate-XFRM_MSG_NEWAE-incoming-ESN-size-.patch
 
+#fixed in 4.1.50
+patch CVE-2016-10318-fscrypto-add-authorization-check-for-setting-encrypt.patch
+
diff --git a/patches/cve/CVE-2016-10318-fscrypto-add-authorization-check-for-setting-encrypt.patch b/patches/cve/CVE-2016-10318-fscrypto-add-authorization-check-for-setting-encrypt.patch
new file mode 100644
index 0000000..f499685
--- /dev/null
+++ b/patches/cve/CVE-2016-10318-fscrypto-add-authorization-check-for-setting-encrypt.patch
@@ -0,0 +1,50 @@
+From e68557814c7e9e4943caca924ff5537952bb3b4e Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Fri, 2 Mar 2018 14:21:12 -0800
+Subject: [PATCH] fscrypto: add authorization check for setting encryption
+ policy
+
+commit 163ae1c6ad6299b19e22b4a35d5ab24a89791a98 upstream.
+
+On an ext4 or f2fs filesystem with file encryption supported, a user
+could set an encryption policy on any empty directory(*) to which they
+had readonly access.  This is obviously problematic, since such a
+directory might be owned by another user and the new encryption policy
+would prevent that other user from creating files in their own directory
+(for example).
+
+Fix this by requiring inode_owner_or_capable() permission to set an
+encryption policy.  This means that either the caller must own the file,
+or the caller must have the capability CAP_FOWNER.
+
+(*) Or also on any regular file, for f2fs v4.6 and later and ext4
+    v4.8-rc1 and later; a separate bug fix is coming for that.
+
+CVE: CVE-2016-10318   
+Upstream-Status: Backport  
+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ fs/ext4/crypto_policy.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c
+index a6d6291..591fc37 100644
+--- a/fs/ext4/crypto_policy.c
++++ b/fs/ext4/crypto_policy.c
+@@ -85,6 +85,9 @@ static int ext4_create_encryption_context_from_policy(
+ int ext4_process_policy(const struct ext4_encryption_policy *policy,
+                        struct inode *inode)
+ {
++       if (!inode_owner_or_capable(inode))
++               return -EACCES;
++
+        if (policy->version != 0)
+                return -EINVAL;
+ 
+-- 
+2.7.4
+