[Bug 227605] [OCF] encrypt_multi/decrypt_multi process too many data

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227605

--- Comment #1 from Conrad Meyer <cem at freebsd.org> ---
Nice find.  It seems like this can only happen if passed an mbuf chain or uio
longer than crd_len.  Does using the API like this actually make sense?

We could maybe add an assertion that buffer input sizes matches crd_len (+
crd_skip).

In the case of esp_input(), it seems like m_split() could be used to separate
the authentication portion from the encrypted contents before passing to
crypto_dispatch().

OTOH, your patch looks totally correct.  I would additionally cast i to size_t
to avoid ambiguity in comparison signedness in min() macro.

-- 
You are receiving this mail because:
You are the assignee for the bug.