From: Stephan Mueller <smueller@chronox.de>

The encrypted file ecryptfs maintains has in the first page meta data that is
needed for ecryptfs operation.  As the encrypted file is untrusted, every bit
read of that file must be validated.

The patch ensures that crypt_stat->num_header_extents_at_front is checked for
improper values.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Acked-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 fs/ecryptfs/crypto.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff -puN fs/ecryptfs/crypto.c~ecryptfs-validate-minimum-header-extent-size fs/ecryptfs/crypto.c
--- a/fs/ecryptfs/crypto.c~ecryptfs-validate-minimum-header-extent-size
+++ a/fs/ecryptfs/crypto.c
@@ -1349,7 +1349,8 @@ static int parse_header_metadata(struct 
 	crypt_stat->num_header_extents_at_front =
 		(int)num_header_extents_at_front;
 	(*bytes_read) = 6;
-	if (crypt_stat->header_extent_size
+	if ((crypt_stat->header_extent_size
+	     * crypt_stat->num_header_extents_at_front)
 	    < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) {
 		rc = -EINVAL;
 		ecryptfs_printk(KERN_WARNING, "Invalid header extent size: "
_