ubifs: check for consistent encryption contexts in ubifs_lookup()

author Eric Biggers <ebiggers@google.com>

Fri, 7 Apr 2017 17:58:40 +0000 (10:58 -0700)

committer Theodore Ts'o <tytso@mit.edu>

Thu, 4 May 2017 15:44:35 +0000 (11:44 -0400)
author Eric Biggers <ebiggers@google.com>
Fri, 7 Apr 2017 17:58:40 +0000 (10:58 -0700)
committer Theodore Ts'o <tytso@mit.edu>
Thu, 4 May 2017 15:44:35 +0000 (11:44 -0400)
diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c

index 30825d882aa94a4c2486d47581f33d1dfca1a409..bbe2b346a94f2a2e7fd09a00e78e26b4cae11af6 100644 (file)
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -285,6 +285,15 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
                 goto out_dent;
         }
  
+       if (ubifs_crypt_is_encrypted(dir) &&
+           (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
+           !fscrypt_has_permitted_context(dir, inode)) {
+               ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
+                          dir->i_ino, inode->i_ino);
+               err = -EPERM;
+               goto out_inode;
+       }
+
  done:
         kfree(dent);
         fscrypt_free_filename(&nm);
@@ -295,6 +304,8 @@ done:
         d_add(dentry, inode);
         return NULL;
  
+out_inode:
+       iput(inode);
  out_dent:
         kfree(dent);
  out_fname:
author	Eric Biggers <ebiggers@google.com>
	Fri, 7 Apr 2017 17:58:40 +0000 (10:58 -0700)
committer	Theodore Ts'o <tytso@mit.edu>
	Thu, 4 May 2017 15:44:35 +0000 (11:44 -0400)