From: Stephan Mueller When generating an encrypted file, the first page contains the header information. ecryptfs allocates one page to be filled with the meta information. ecryptfs_write_headers_virt() writes the header into the page. The code in this function up to the call of ecryptfs_generate_key_packet_set() already writes some bytes into the page and moves the pointer forward accordingly. This patch now tells ecryptfs_generate_key_packet_set() exactly how many bytes it is allowed to write. Prior to that, the function would allow PAGE_MAX_SIZE to be written which is longer than the allocated space (remember, some bytes are already filled). This problem does not really materialize in the current code as ecryptfs_generate_key_packet_set() only writes a Tag 3 and Tag 11 with less than 100 bytes. But this fix ensures that when development continues, nobody stumbles over the problem without being warned. Signed-off-by: Stephan Mueller Acked-by: Michael Halcrow Signed-off-by: Andrew Morton
---
 fs/ecryptfs/crypto.c | 3 ++-
 fs/ecryptfs/ecryptfs_kernel.h | 3 ++-
 fs/ecryptfs/keystore.c | 15 +++++++++++----
 3 files changed, 15 insertions(+), 6 deletions(-)
diff -puN fs/ecryptfs/crypto.c~ecryptfs-change-the-maximum-size-check-when-writing-header fs/ecryptfs/crypto.c
--- a/fs/ecryptfs/crypto.c~ecryptfs-change-the-maximum-size-check-when-writing-header
+++ a/fs/ecryptfs/crypto.c
@@ -1238,7 +1238,8 @@ int ecryptfs_write_headers_virt(char *pa
 write_header_metadata((page_virt + offset), crypt_stat, &written);
 offset += written;
 rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat,
- ecryptfs_dentry, &written);
+ ecryptfs_dentry, &written,
+ PAGE_CACHE_SIZE - offset);
 if (rc)
 ecryptfs_printk(KERN_WARNING, "Error generating key packet "
 "set; rc = [%d]\n", rc);
diff -puN fs/ecryptfs/ecryptfs_kernel.h~ecryptfs-change-the-maximum-size-check-when-writing-header fs/ecryptfs/ecryptfs_kernel.h
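Review bot: The new bound `PAGE_CACHE_SIZE - offset` is correct only while `page_virt` points at a buffer of exactly PAGE_CACHE_SIZE bytes and `offset` stays below that size; the visible lines neither state nor check either assumption, and the result is narrowed to the callee's `int max`. A short comment above the call would record the contract, for example `/* max = bytes still free in the one-page header buffer */`. The lines after the call only log a warning when rc is non-zero; how the error is propagated cannot be judged here, because ecryptfs_write_headers_virt() starts and ends outside the hunk.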
--- a/fs/ecryptfs/ecryptfs_kernel.h~ecryptfs-change-the-maximum-size-check-when-writing-header
+++ a/fs/ecryptfs/ecryptfs_kernel.h
@@ -451,7 +451,8 @@ int ecryptfs_cipher_code_to_string(char
 void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat);
 int ecryptfs_generate_key_packet_set(char *dest_base,
 struct ecryptfs_crypt_stat *crypt_stat,
- struct dentry *ecryptfs_dentry, int *len);
+ struct dentry *ecryptfs_dentry, int *len,
+ int max);
 int process_request_key_err(long err_code);
 int
 ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
diff -puN fs/ecryptfs/keystore.c~ecryptfs-change-the-maximum-size-check-when-writing-header fs/ecryptfs/keystore.c
--- a/fs/ecryptfs/keystore.c~ecryptfs-change-the-maximum-size-check-when-writing-header
+++ a/fs/ecryptfs/keystore.c
@@ -982,6 +982,7 @@ out:
 * @ecryptfs_dentry: The dentry, used to retrieve the mount crypt stat
 * for the global parameters
 * @len: The amount written
+ * @max: The maximum amount of data allowed to be written
 *
 * Generates a key packet set and writes it to the virtual address
 * passed in.
@@ -991,7 +992,8 @@ out:
 int
 ecryptfs_generate_key_packet_set(char *dest_base,
 struct ecryptfs_crypt_stat *crypt_stat,
- struct dentry *ecryptfs_dentry, int *len)
+ struct dentry *ecryptfs_dentry, int *len,
+ int max)
 {
 int rc = 0;
 struct ecryptfs_auth_tok *auth_tok;
@@ -1006,7 +1008,7 @@ ecryptfs_generate_key_packet_set(char *d
 auth_tok = mount_crypt_stat->global_auth_tok;
 if (ECRYPTFS_CHECK_FLAG(auth_tok->flags, ECRYPTFS_PASSWORD)) {
 rc = write_tag_3_packet((dest_base + (*len)),
- PAGE_CACHE_SIZE, auth_tok,
+ max, auth_tok,
 crypt_stat, &key_rec,
 &written);
 if (rc) {
@@ -1018,7 +1020,7 @@ ecryptfs_generate_key_packet_set(char *d
 /* Write auth tok signature packet */
 rc = write_tag_11_packet(
 (dest_base + (*len)),
- (PAGE_CACHE_SIZE - (*len)),
+ (max - (*len)),
 key_rec.sig, ECRYPTFS_SIG_SIZE, &written);
 if (rc) {
 ecryptfs_printk(KERN_ERR, "Error writing "
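Review bot: Declaring the limit as `int max` makes it a signed quantity that the function never validates, so a zero or negative value from a caller, or a `max - (*len)` that goes negative in fs/ecryptfs/keystore.c, is handed straight to the packet writers, whose parameter types are not shown in this diff. The same declaration appears in the definition in keystore.c (hunk at -991). Rejecting a non-positive limit on entry would make the contract explicit, for example `if (max <= 0) { rc = -EINVAL; goto out; }`; where exactly that belongs depends on the initialisation code between the hunks, which is not visible.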
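Review bot: The tag 3 call passes plain `max` as its limit while writing at `dest_base + (*len)`, whereas the tag 11 call in the next hunk (-1018) passes `max - (*len)`; the two agree only if `*len` is still 0 at the tag 3 call, which the hunk does not show. Passing the remaining space in both places keeps the bound tied to the write position: `max - (*len), auth_tok,`. Whether either limit actually prevents an overrun depends on write_tag_3_packet() and write_tag_11_packet() checking it, which is outside this diff.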
@@ -1042,7 +1044,12 @@ ecryptfs_generate_key_packet_set(char *d
 }
 } else
 BUG();
- dest_base[(*len)] = 0x00;
+ if (likely((max - (*len)) > 0)) {
+ dest_base[(*len)] = 0x00;
+ } else {
+ ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n");
+ rc = -EIO;
+ }
 out:
 if (rc)
 (*len) = 0;
_
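Review bot: The new check protects only the terminating 0x00 byte and runs after the packet writes shown in the earlier hunks, so it reports an exhausted buffer rather than preventing one; the packets themselves stay in bounds only if the writers honour the limits they were given. The message does not say that the cause is lack of space or give the values involved; something like `ecryptfs_printk(KERN_ERR, "No room for boundary byte; max = [%d], len = [%d]\n", max, (*len));` would make the log actionable. On this error path `*len` is reset to 0 at `out:` while the bytes already written remain in the page, which deserves a one-line comment so callers know the buffer content is undefined when rc is non-zero. The function body starts outside this hunk.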