svn commit: r318245 - stable/11/sys/opencrypto

Fri May 12 18:01:06 UTC 2017

Author: jhb
Date: Fri May 12 18:01:05 2017
New Revision: 318245
URL: https://svnweb.freebsd.org/changeset/base/318245

Log:
  MFC 316510: Don't leak a session and lock if a GMAC key has an invalid length.

Modified:
  stable/11/sys/opencrypto/cryptosoft.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/opencrypto/cryptosoft.c
==============================================================================

--- stable/11/sys/opencrypto/cryptosoft.c	Fri May 12 17:40:34 2017	(r318244)
+++ stable/11/sys/opencrypto/cryptosoft.c	Fri May 12 18:01:05 2017	(r318245)
@@ -930,8 +930,11 @@ swcr_newsession(device_t dev, u_int32_t 
 			axf = &auth_hash_nist_gmac_aes_256;
 		auth4common:
 			len = cri->cri_klen / 8;
-			if (len != 16 && len != 24 && len != 32)
+			if (len != 16 && len != 24 && len != 32) {
+				swcr_freesession_locked(dev, i);
+				rw_runlock(&swcr_sessions_lock);
 				return EINVAL;
+			}
 
 			(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
 			    M_NOWAIT);
