From 0af827988f07386898efdf83271900f91eb507b1 Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Fri, 2 Mar 2018 16:59:17 -0800
Subject: [PATCH] e2fsck: validate that fscrypt_symlink_data.len is not too
 large

Make e2fsck start validating that the ciphertext length stored in the
header of an encrypted symlink target, plus the header itself, is no
larger than a filesystem block.  Previously e2fsck only verified that
this size is not exactly equal to a filesystem block.  This was
sufficient for unencrypted symlinks, where the "actual length" is
computed using strnlen(), but not for encrypted symlinks; the kernel
also considers encrypted symlinks with too-large ciphertext length to be
invalid.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 e2fsck/pass1.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2fsck/pass1.c b/e2fsck/pass1.c
index 421fa28..975f3f1 100644
--- a/e2fsck/pass1.c
+++ b/e2fsck/pass1.c
@@ -243,7 +243,7 @@ int e2fsck_pass1_check_symlink(ext2_filsys fs, ext2_ino_t ino,
 		} else {
 			len = strnlen(buf, fs->blocksize);
 		}
-		if (len == fs->blocksize)
+		if (len >= fs->blocksize)
 			return 0;
 	} else if (inode->i_flags & EXT4_INLINE_DATA_FL) {
 		char *inline_buf = NULL;
-- 
1.8.3.1