Commit f0d07a98 authored Jan 20, 2020 by Eric Biggers

ubifs: don't trigger assertion on invalid no-key filename

If userspace provides an invalid fscrypt no-key filename which encodes a
hash value with any of the UBIFS node type bits set (i.e. the high 3
bits), gracefully report ENOENT rather than triggering ubifs_assert().

Test case with kvm-xfstests shell:

    . fs/ubifs/config
    . ~/xfstests/common/encrypt
    dev=$(__blkdev_to_ubi_volume /dev/vdc)
    ubiupdatevol $dev -t
    mount $dev /mnt -t ubifs
    mkdir /mnt/edir
    xfs_io -c set_encpolicy /mnt/edir
    rm /mnt/edir/_,,,,,DAAAAAAAAAAAAAAAAAAAAAAAAAA

With the bug, the following assertion fails on the 'rm' command:

    [   19.066048] UBIFS error (ubi0:0 pid 379): ubifs_assert_failed: UBIFS assert failed: !(hash & ~UBIFS_S_KEY_HASH_MASK), in fs/ubifs/key.h:170

Fixes: f4f61d2c ("ubifs: Implement encrypted filenames")
Cc: <stable@vger.kernel.org> # v4.10+
Link: https://lore.kernel.org/r/20200120223201.241390-5-ebiggers@kernel.org


Signed-off-by: Eric Biggers <ebiggers@google.com>

parent f592efe7

fs/ubifs/dir.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -228,6 +228,8 @@ static struct dentry ubifs_lookup(struct inode dir, struct dentry *dentry,
		if (nm.hash) {
		ubifs_assert(c, fname_len(&nm) == 0);
		ubifs_assert(c, fname_name(&nm) == NULL);
		if (nm.hash & ~UBIFS_S_KEY_HASH_MASK)
		goto done; /* ENOENT */
		dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
		err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
		} else {

Admin message