1 files changed, 41 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/eCryptfs-CVE-2014-9683.patch b/recipes-kernel/linux/files/eCryptfs-CVE-2014-9683.patch
new file mode 100644
index 0000000..0cd9c95
--- /dev/null
+++ b/recipes-kernel/linux/files/eCryptfs-CVE-2014-9683.patch
@@ -0,0 +1,41 @@
+From 8ffea99d6f2be99790611282f326da95a84a8cab Mon Sep 17 00:00:00 2001
+From: Michael Halcrow <mhalcrow@google.com>
+Date: Wed, 26 Nov 2014 09:09:16 -0800
+Subject: [PATCH] eCryptfs: Remove buggy and unnecessary write in file name
+ decode routine
+commit 942080643bce061c3dd9d5718d3b745dcb39a8bc upstream.
+Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the
+end of the allocated buffer during encrypted filename decoding. This
+fix corrects the issue by getting rid of the unnecessary 0 write when
+the current bit offset is 2.
+Fixes CVE-2014-9683
+Upstream-Status: Backport
+Signed-off-by: Michael Halcrow <mhalcrow@google.com>
+Reported-by: Dmitry Chernenkov <dmitryc@google.com>
+Suggested-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ fs/ecryptfs/crypto.c | 1 -
+ 1 file changed, 1 deletion(-)
+diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
+index 000eae2..bf926f7 100644
+--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
+@@ -1917,7 +1917,6 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
+                        break;
+                case 2:
+                        dst[dst_byte_offset++] |= (src_byte);
+-                       dst[dst_byte_offset] = 0;
+                        current_bit_offset = 0;
+                        break;
+                }
+-- 
+1.9.1

diff --git a/recipes-kernel/linux/files/eCryptfs-CVE-2014-9683.patch b/recipes-kernel/linux/files/eCryptfs-CVE-2014-9683.patch new file mode 100644 index 0000000..0cd9c95 --- /dev/null +++ b/recipes-kernel/linux/files/eCryptfs-CVE-2014-9683.patch
@@ -0,0 +1,41 @@
	1	From 8ffea99d6f2be99790611282f326da95a84a8cab Mon Sep 17 00:00:00 2001
	2	From: Michael Halcrow <mhalcrow@google.com>
	3	Date: Wed, 26 Nov 2014 09:09:16 -0800
	4	Subject: [PATCH] eCryptfs: Remove buggy and unnecessary write in file name
	5	decode routine
	6
	7	commit 942080643bce061c3dd9d5718d3b745dcb39a8bc upstream.
	8
	9	Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the
	10	end of the allocated buffer during encrypted filename decoding. This
	11	fix corrects the issue by getting rid of the unnecessary 0 write when
	12	the current bit offset is 2.
	13
	14	Fixes CVE-2014-9683
	15	Upstream-Status: Backport
	16
	17	Signed-off-by: Michael Halcrow <mhalcrow@google.com>
	18	Reported-by: Dmitry Chernenkov <dmitryc@google.com>
	19	Suggested-by: Kees Cook <keescook@chromium.org>
	20	Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
	21	Signed-off-by: Jiri Slaby <jslaby@suse.cz>
	22	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	23	---
	24	fs/ecryptfs/crypto.c \| 1 -
	25	1 file changed, 1 deletion(-)
	26
	27	diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
	28	index 000eae2..bf926f7 100644
	29	--- a/fs/ecryptfs/crypto.c
	30	+++ b/fs/ecryptfs/crypto.c
	31	@@ -1917,7 +1917,6 @@ ecryptfs_decode_from_filename(unsigned char dst, size_t dst_size,
	32	break;
	33	case 2:
	34	dst[dst_byte_offset++] \|= (src_byte);
	35	- dst[dst_byte_offset] = 0;
	36	current_bit_offset = 0;
	37	break;
	38	}
	39	--
	40	1.9.1
	41