Page MenuHomeFreeBSD
Files F102122259

D30154.diff
No OneTemporary
Actions

D30154.diff
View Options

diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@@ -878,6 +878,11 @@
}
crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
} else if (cse->ivsize != 0) {
+ if (crp->crp_payload_length < cse->ivsize) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
+ error = EINVAL;
+ goto bail;
+ }
crp->crp_iv_start = 0;
crp->crp_payload_start += cse->ivsize;
crp->crp_payload_length -= cse->ivsize;
@@ -1058,6 +1063,11 @@
cse->ivsize == AES_XTS_IV_LEN)
caead->ivlen = AES_XTS_IV_LEN;
+ if (cse->ivsize == 0) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
+ error = EINVAL;
+ goto bail;
+ }
if (caead->ivlen != cse->ivsize) {
error = EINVAL;
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
@@ -1071,10 +1081,9 @@
}
crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
} else {
- crp->crp_iv_start = crp->crp_payload_start;
- crp->crp_payload_start += cse->ivsize;
- crp->crp_payload_length -= cse->ivsize;
- dst += cse->ivsize;
+ error = EINVAL;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
+ goto bail;
}
if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {

File Metadata

Mime Type
text/plain
Expires
Fri, Nov 8, 9:39 PM (22 h, 7 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
14543459
Default Alt Text
D30154.diff (1 KB)

Event Timeline