Created by Jason Xing and last modified

This revision(r886) is linked to #bug1678689.

Error Case: In the original version, users cannot mount ecryptfs with "-o passphrase_passwd_file=mykey" (<mykey> is "passwd=123=abc") or "-o passwd=123=abc". Because the passphrase user uses includes "=" character.

Error Hint:

Because in the manner of process_comma_tok() function (in the src/libecryptfs/cmd_in_parsers.c), ecryptfs will store "passwd=123" as the @current(parameter in that function)->name and "abc" as @current->value. That will go wrong when we go into tf_pass_file() function (in src/key_mod/ecryptfs_key_mod_passphrase.c) because it cannot match the name "passphrase_passwd" or "passwd".

Thus, I add two lines in process_comma_tok() to change that case. If we match one "=" character in the string, we don't need to loop and match another "=" again. More details in #change of my branch.

If there are still some problems you have or it cannot fix that bug, please let me know. Any information/suggestions/comments are welcome !!!
(My email address: kerneljasonxing@gmail.com).

Get this branch:
bzr branch lp:~wlxing/ecryptfs/fix-bug-1678689
Only Jason Xing can upload to this branch. If you are Jason Xing please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Jason Xing
Review team:
eCryptfs Developers

Recent revisions

886. By Jason Xing

src/libecryptfs/cmd_ln_parser.c: fix bug1419861

885. By Tyler Hicks

debian/changelog: Annotate CVE-2015-8946 and CVE-2016-6224

884. By Tyler Hicks

debian/ecryptfs-utils.postinst: Fix any unencrypted GPT swap partitions
that have mistakenly remained marked as auto mount. This should only
modify the swap partitions on systems that ecryptfs-setup-swap has been
used on. (LP: #1447282, LP: #1597154)

883. By Tyler Hicks

tests/kernel/lp-872905.sh: Adjust the test to account for upstream kernel
changes that were preventing the test from cleaning up after itself. The kernel
had a change of behavior where mounts that are configured to use encrypted
filenames will not be able to successfully lookup lower files with plaintext
filenames. This change caused the lower filler file, which was being created
directly in the lower filesystem, to not be removed during the test cleanup and
all of the following tests to fail since the lower filesystem remained full.

The upstream kernel commit mentioned above is:

  88ae4ab ecryptfs_lookup(): try either only encrypted or plaintext name

882. By Tyler Hicks

src/utils/ecryptfs-setup-swap: Prevent unencrypted swap partitions from
being automatically enabled by systemd. This bug affected GPT partitioned
NVMe/MMC drives and resulted in the swap partition being used without
encryption. It also resulted in a usability issue in that users were
erroneously prompted to enter a pass-phrase to unlock their swap partition
at boot. (LP: #1597154)

881. By Tyler Hicks

[ Richard Laager ]
* src/utils/ecryptfs-setup-private: LP: #1574174
  - Adjust the test for discovering already active mount point destinations
    so that it doesn't accidentally match mount point sources.
  - Fixes ecryptfs-setup-private issue when attempting to use ZFS and
    eCryptfs together

880. By Dustin Kirkland 

opening 112

879. By Dustin Kirkland 

releasing package ecryptfs-utils version 111

878. By Dustin Kirkland 

* src/utils/ecryptfs-setup-private: LP: #1328689
  - fix a long standing bug, where setting up an encrypted private,
    encrypted home, or migrating to an encrypted home did not work
    correctly over ssh sessions
  - the root cause of the bug is some complexity in the handling of
    user keyrings and session keyrings
  - the long term solution would be to correctly use session keyrings
  - the short term solution is to continue linking user and session

877. By Dustin Kirkland 

opening 111

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.