From: Stephan Mueller <smueller@chronox.de>

The encrypted file ecryptfs maintains has in the first page meta data that is
needed for ecryptfs operation.  As the encrypted file is untrusted, every bit
read of that file must be validated.

The patch ensures that crypt_stat->num_header_extents_at_front is checked for
improper values.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Acked-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 fs/ecryptfs/crypto.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletion(-)

diff -puN fs/ecryptfs/crypto.c~ecryptfs-validate-minimum-header-extent-size fs/ecryptfs/crypto.c
--- 25/fs/ecryptfs/crypto.c~ecryptfs-validate-minimum-header-extent-size	Tue Jun 27 15:09:31 2006
+++ 25-akpm/fs/ecryptfs/crypto.c	Tue Jun 27 15:09:31 2006
@@ -1332,7 +1332,8 @@ static int parse_header_metadata(struct 
 	crypt_stat->num_header_extents_at_front =
 		(int)num_header_extents_at_front;
 	(*bytes_read) = 6;
-	if (crypt_stat->header_extent_size
+	if ((crypt_stat->header_extent_size
+	     * crypt_stat->num_header_extents_at_front)
 	    < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) {
 		rc = -EINVAL;
 		ecryptfs_printk(KERN_WARNING, "Invalid header extent size: "
_