From 0f9b0076ff05492aac2fb38129506892b81748cf Mon Sep 17 00:00:00 2001 From: Slark Xiao Date: Fri, 22 Jul 2022 18:02:12 +0800 Subject: [PATCH 01/11] ecryptfs: keystore: Fix typo 'the the' in comment Replace 'the the' with 'the' in the comment. Signed-off-by: Slark Xiao Signed-off-by: Tyler Hicks --- fs/ecryptfs/keystore.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index bbf8603242fa..e8341a3271e2 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -837,7 +837,7 @@ struct ecryptfs_parse_tag_70_packet_silly_stack { * @filename: This function kmalloc's the memory for the filename * @filename_size: This function sets this to the amount of memory * kmalloc'd for the filename - * @packet_size: This function sets this to the the number of octets + * @packet_size: This function sets this to the number of octets * in the packet parsed * @mount_crypt_stat: The mount-wide cryptographic context * @data: The memory location containing the start of the tag 70 From 9383d8205c1591f49d66cb53b3a5b0f15e9ff703 Mon Sep 17 00:00:00 2001 From: Zipeng Zhang Date: Mon, 20 Mar 2023 10:04:28 +0800 Subject: [PATCH 02/11] ecryptfs: comment typo fix Comment typo fix "vitual" -> "virtual". Signed-off-by: Zipeng Zhang Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 260f8a4938b0..b80f60863b5a 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -1220,7 +1220,7 @@ out: /** * ecryptfs_read_xattr_region - * @page_virt: The vitual address into which to read the xattr data + * @page_virt: The virtual address into which to read the xattr data * @ecryptfs_inode: The eCryptfs inode * * Attempts to read the crypto metadata from the extended attribute From ec25c4cf2db1ab1b91b8b4ba5296fb99e30debbe Mon Sep 17 00:00:00 2001 From: Thorsten Blum Date: Fri, 18 Oct 2024 23:41:42 +0200 Subject: [PATCH 03/11] ecryptfs: Fix packet format comment in parse_tag_67_packet() s/TAG 65/TAG 67/ Signed-off-by: Thorsten Blum Signed-off-by: Tyler Hicks --- fs/ecryptfs/keystore.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index e8341a3271e2..3a6283477d61 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -354,7 +354,7 @@ parse_tag_67_packet(struct ecryptfs_key_record *key_rec, int rc; /* - * ***** TAG 65 Packet Format ***** + * ***** TAG 67 Packet Format ***** * | Content Type | 1 byte | * | Status Indicator | 1 byte | * | Encrypted File Encryption Key Size | 1 or 2 bytes | From 111625ba8ab818c68928c8cbfde8775dcd5d6690 Mon Sep 17 00:00:00 2001 From: Zhang Zekun Date: Fri, 6 Sep 2024 14:12:41 +0800 Subject: [PATCH 04/11] ecryptfs: Remove unused declartion ecryptfs_fill_zeros() The definition of ecryptfs_fill_zeros() has been removed since commit b6c1d8fcbade ("eCryptfs: remove unused functions and kmem_cache") So, Remove the empty declartion in header files. Signed-off-by: Zhang Zekun Signed-off-by: Tyler Hicks --- fs/ecryptfs/ecryptfs_kernel.h | 1 - 1 file changed, 1 deletion(-) diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 62a2ea7f59ed..ba59f976a962 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h @@ -542,7 +542,6 @@ int ecryptfs_decode_and_decrypt_filename(char **decrypted_name, size_t *decrypted_name_size, struct super_block *sb, const char *name, size_t name_size); -int ecryptfs_fill_zeros(struct file *file, loff_t new_length); int ecryptfs_encrypt_and_encode_filename( char **encoded_name, size_t *encoded_name_size, From 5c31c9bf9e2ff0d6c065ff7f2ccf8a1e95ddbb49 Mon Sep 17 00:00:00 2001 From: Baolin Liu Date: Tue, 11 Nov 2025 20:13:25 +0800 Subject: [PATCH 05/11] ecryptfs: simplify list initialization in ecryptfs_parse_packet_set() In ecryptfs_parse_packet_set(),use LIST_HEAD() to declare and initialize the 'auth_tok_list' list in one step instead of using INIT_LIST_HEAD() separately. No functional change. Signed-off-by: Baolin Liu Signed-off-by: Tyler Hicks --- fs/ecryptfs/keystore.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 3a6283477d61..32e5e250c2dc 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -1716,7 +1716,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, size_t i = 0; size_t found_auth_tok; size_t next_packet_is_auth_tok_packet; - struct list_head auth_tok_list; + LIST_HEAD(auth_tok_list); struct ecryptfs_auth_tok *matching_auth_tok; struct ecryptfs_auth_tok *candidate_auth_tok; char *candidate_auth_tok_sig; @@ -1729,7 +1729,6 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, struct key *auth_tok_key = NULL; int rc = 0; - INIT_LIST_HEAD(&auth_tok_list); /* Parse the header to find as many packets as we can; these will be * added the our &auth_tok_list */ next_packet_is_auth_tok_packet = 1; From 3bdc6cace25c3c7adfc073bb763bb52c9d1282c8 Mon Sep 17 00:00:00 2001 From: Thorsten Blum Date: Sat, 13 Dec 2025 12:04:50 +0100 Subject: [PATCH 06/11] ecryptfs: Replace strcpy with strscpy in ecryptfs_set_default_crypt_stat_vals strcpy() has been deprecated [1] because it performs no bounds checking on the destination buffer, which can lead to buffer overflows. Replace it with the safer strscpy(). Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1] Signed-off-by: Thorsten Blum Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index b80f60863b5a..c84c7c3de4d9 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -645,7 +646,7 @@ static void ecryptfs_set_default_crypt_stat_vals( ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, mount_crypt_stat); ecryptfs_set_default_sizes(crypt_stat); - strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER); + strscpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER); crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES; crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID); crypt_stat->file_version = ECRYPTFS_FILE_VERSION; From c82f77a4ac9589a5d73d4caaa439fa670c684455 Mon Sep 17 00:00:00 2001 From: Thorsten Blum Date: Sat, 13 Dec 2025 12:04:52 +0100 Subject: [PATCH 07/11] ecryptfs: Replace strcpy with strscpy in ecryptfs_cipher_code_to_string strcpy() has been deprecated [1] because it performs no bounds checking on the destination buffer, which can lead to buffer overflows. Since the parameter 'char *str' is just a pointer with no size information, extend the function with a 'size' parameter to pass the destination buffer's size as an additional argument. Adjust the call sites accordingly. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1] Signed-off-by: Thorsten Blum Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 6 ++++-- fs/ecryptfs/ecryptfs_kernel.h | 2 +- fs/ecryptfs/keystore.c | 9 +++++++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index c84c7c3de4d9..fa49d20521a4 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -862,11 +862,12 @@ u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes) /** * ecryptfs_cipher_code_to_string * @str: Destination to write out the cipher name + * @size: Destination buffer size * @cipher_code: The code to convert to cipher name string * * Returns zero on success */ -int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code) +int ecryptfs_cipher_code_to_string(char *str, size_t size, u8 cipher_code) { int rc = 0; int i; @@ -874,7 +875,8 @@ int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code) str[0] = '\0'; for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++) if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code) - strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str); + strscpy(str, ecryptfs_cipher_code_str_map[i].cipher_str, + size); if (str[0] == '\0') { ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: " "[%d]\n", cipher_code); diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index ba59f976a962..54e780186ac6 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h @@ -571,7 +571,7 @@ int ecryptfs_read_and_validate_header_region(struct inode *inode); int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry, struct inode *inode); u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes); -int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code); +int ecryptfs_cipher_code_to_string(char *str, size_t size, u8 cipher_code); void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat); int ecryptfs_generate_key_packet_set(char *dest_base, struct ecryptfs_crypt_stat *crypt_stat, diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 32e5e250c2dc..e55bd8f9c952 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -911,7 +911,9 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0'; (*packet_size) += ECRYPTFS_SIG_SIZE; s->cipher_code = data[(*packet_size)++]; - rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code); + rc = ecryptfs_cipher_code_to_string(s->cipher_string, + sizeof(s->cipher_string), + s->cipher_code); if (rc) { printk(KERN_WARNING "%s: Cipher code [%d] is invalid\n", __func__, s->cipher_code); @@ -1129,7 +1131,9 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, auth_tok->session_key.decrypted_key_size); crypt_stat->key_size = auth_tok->session_key.decrypted_key_size; - rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, cipher_code); + rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, + sizeof(crypt_stat->cipher), + cipher_code); if (rc) { ecryptfs_printk(KERN_ERR, "Cipher code [%d] is invalid\n", cipher_code); @@ -1395,6 +1399,7 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, goto out_free; } rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher, + sizeof(crypt_stat->cipher), (u16)data[(*packet_size)]); if (rc) goto out_free; From 0529a804095b22bf4fe8502d1a1eb09a25a5b954 Mon Sep 17 00:00:00 2001 From: Thorsten Blum Date: Sat, 13 Dec 2025 12:04:54 +0100 Subject: [PATCH 08/11] ecryptfs: Replace strcpy with strscpy in ecryptfs_validate_options strcpy() has been deprecated [1] because it performs no bounds checking on the destination buffer, which can lead to buffer overflows. Replace it with the safer strscpy(). Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [1] Signed-off-by: Thorsten Blum Signed-off-by: Tyler Hicks --- fs/ecryptfs/main.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index c12dc680f8fe..7d51e6b60f53 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include "ecryptfs_kernel.h" @@ -354,13 +355,13 @@ static int ecryptfs_validate_options(struct fs_context *fc) int cipher_name_len = strlen(ECRYPTFS_DEFAULT_CIPHER); BUG_ON(cipher_name_len > ECRYPTFS_MAX_CIPHER_NAME_SIZE); - strcpy(mount_crypt_stat->global_default_cipher_name, - ECRYPTFS_DEFAULT_CIPHER); + strscpy(mount_crypt_stat->global_default_cipher_name, + ECRYPTFS_DEFAULT_CIPHER); } if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) && !ctx->fn_cipher_name_set) - strcpy(mount_crypt_stat->global_default_fn_cipher_name, - mount_crypt_stat->global_default_cipher_name); + strscpy(mount_crypt_stat->global_default_fn_cipher_name, + mount_crypt_stat->global_default_cipher_name); if (!ctx->cipher_key_bytes_set) mount_crypt_stat->global_default_cipher_key_size = 0; if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) From e8fb5ec8934312df0a8f28b5514733acdf7ba722 Mon Sep 17 00:00:00 2001 From: Thorsten Blum Date: Fri, 19 Dec 2025 22:32:33 +0100 Subject: [PATCH 09/11] ecryptfs: Replace memcpy + NUL termination in ecryptfs_new_file_context Use strscpy() to copy the NUL-terminated '->global_default_cipher_name' to the destination buffer instead of using memcpy() followed by a manual NUL termination. Remove the now-unused local variable 'cipher_name_len'. Signed-off-by: Thorsten Blum Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index fa49d20521a4..c2ec043857f2 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -679,7 +679,6 @@ int ecryptfs_new_file_context(struct inode *ecryptfs_inode) struct ecryptfs_mount_crypt_stat *mount_crypt_stat = &ecryptfs_superblock_to_private( ecryptfs_inode->i_sb)->mount_crypt_stat; - int cipher_name_len; int rc = 0; ecryptfs_set_default_crypt_stat_vals(crypt_stat, mount_crypt_stat); @@ -693,12 +692,8 @@ int ecryptfs_new_file_context(struct inode *ecryptfs_inode) "to the inode key sigs; rc = [%d]\n", rc); goto out; } - cipher_name_len = - strlen(mount_crypt_stat->global_default_cipher_name); - memcpy(crypt_stat->cipher, - mount_crypt_stat->global_default_cipher_name, - cipher_name_len); - crypt_stat->cipher[cipher_name_len] = '\0'; + strscpy(crypt_stat->cipher, + mount_crypt_stat->global_default_cipher_name); crypt_stat->key_size = mount_crypt_stat->global_default_cipher_key_size; ecryptfs_generate_new_key(crypt_stat); From 6ba673331340dabcff4a3ca91cc67761ba74c518 Mon Sep 17 00:00:00 2001 From: Thorsten Blum Date: Thu, 20 Nov 2025 23:17:57 +0100 Subject: [PATCH 10/11] ecryptfs: Drop redundant NUL terminations after calling ecryptfs_to_hex ecryptfs_to_hex() already NUL-terminates the destination buffers. Drop the manual NUL terminations. Signed-off-by: Thorsten Blum Signed-off-by: Tyler Hicks --- fs/ecryptfs/debug.c | 1 - fs/ecryptfs/keystore.c | 3 --- 2 files changed, 4 deletions(-) diff --git a/fs/ecryptfs/debug.c b/fs/ecryptfs/debug.c index cf6d0e8e25a1..c185a8cb5fe2 100644 --- a/fs/ecryptfs/debug.c +++ b/fs/ecryptfs/debug.c @@ -28,7 +28,6 @@ void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok) ecryptfs_printk(KERN_DEBUG, " * passphrase type\n"); ecryptfs_to_hex(salt, auth_tok->token.password.salt, ECRYPTFS_SALT_SIZE); - salt[ECRYPTFS_SALT_SIZE * 2] = '\0'; ecryptfs_printk(KERN_DEBUG, " * salt = [%s]\n", salt); if (auth_tok->token.password.flags & ECRYPTFS_PERSISTENT_PASSWORD) { diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index e55bd8f9c952..a41c82d610a7 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -908,7 +908,6 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, (*packet_size) += s->packet_size_len; ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)], ECRYPTFS_SIG_SIZE); - s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0'; (*packet_size) += ECRYPTFS_SIG_SIZE; s->cipher_code = data[(*packet_size)++]; rc = ecryptfs_cipher_code_to_string(s->cipher_string, @@ -1781,8 +1780,6 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, } ecryptfs_to_hex(new_auth_tok->token.password.signature, sig_tmp_space, tag_11_contents_size); - new_auth_tok->token.password.signature[ - ECRYPTFS_PASSWORD_SIG_SIZE] = '\0'; crypt_stat->flags |= ECRYPTFS_ENCRYPTED; break; case ECRYPTFS_TAG_1_PACKET_TYPE: From 99853d9daef240a45e161d0e33487cda4810b999 Mon Sep 17 00:00:00 2001 From: Thorsten Blum Date: Sun, 11 Jan 2026 14:12:58 +0100 Subject: [PATCH 11/11] ecryptfs: Replace memcpy + NUL termination in ecryptfs_copy_filename Use kmemdup_nul() to copy 'name' instead of using memcpy() followed by a manual NUL termination. Remove the local return variable and the goto label to simplify the code. No functional changes. Signed-off-by: Thorsten Blum Acked-by: Tyler Hicks Signed-off-by: Tyler Hicks --- fs/ecryptfs/crypto.c | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index c2ec043857f2..978d151e892f 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -1418,21 +1418,11 @@ out: static int ecryptfs_copy_filename(char **copied_name, size_t *copied_name_size, const char *name, size_t name_size) { - int rc = 0; - - (*copied_name) = kmalloc((name_size + 1), GFP_KERNEL); - if (!(*copied_name)) { - rc = -ENOMEM; - goto out; - } - memcpy((void *)(*copied_name), (void *)name, name_size); - (*copied_name)[(name_size)] = '\0'; /* Only for convenience - * in printing out the - * string in debug - * messages */ + (*copied_name) = kmemdup_nul(name, name_size, GFP_KERNEL); + if (!(*copied_name)) + return -ENOMEM; (*copied_name_size) = name_size; -out: - return rc; + return 0; } /**