[Bug 227605] [OCF] encrypt_multi/decrypt_multi process too many data
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Apr 19 01:51:53 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227605
--- Comment #1 from Conrad Meyer <cem at freebsd.org> ---
Nice find. It seems like this can only happen if passed an mbuf chain or uio
longer than crd_len. Does using the API like this actually make sense?
We could maybe add an assertion that buffer input sizes matches crd_len (+
crd_skip).
In the case of esp_input(), it seems like m_split() could be used to separate
the authentication portion from the encrypted contents before passing to
crypto_dispatch().
OTOH, your patch looks totally correct. I would additionally cast i to size_t
to avoid ambiguity in comparison signedness in min() macro.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list