socsvn commit: r286798 - soc2013/def/crashdump-head/sys/kern
def at FreeBSD.org
def at FreeBSD.org
Sun Jun 7 17:50:29 UTC 2015
Author: def
Date: Sun Jun 7 17:50:28 2015
New Revision: 286798
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=286798
Log:
Don't allow to read keys via sysctl(8).
Modified:
soc2013/def/crashdump-head/sys/kern/kern_shutdown.c
Modified: soc2013/def/crashdump-head/sys/kern/kern_shutdown.c
==============================================================================
--- soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Sun Jun 7 17:40:48 2015 (r286797)
+++ soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Sun Jun 7 17:50:28 2015 (r286798)
@@ -891,9 +891,12 @@
{
int error;
+ if (req->newptr == NULL)
+ return (EPERM);
+
error = sysctl_handle_opaque(oidp, dumpcrypto.kdc_key,
sizeof(dumpcrypto.kdc_key), req);
- if (req->newptr == NULL || error != 0)
+ if (error != 0)
return (error);
arc4rand(dumpcrypto.kdc_iv, sizeof(dumpcrypto.kdc_iv), 0);
@@ -908,13 +911,8 @@
size_t encryptedkeylen, kdksize;
int error;
- if (req->newptr == NULL) {
- if (dumpkey == NULL)
- return (0);
-
- return (sysctl_handle_opaque(oidp, dumpkey->kdk_encryptedkey,
- dumpkey->kdk_encryptedkeylen, req));
- }
+ if (req->newptr == NULL)
+ return (EPERM);
encryptedkeylen = req->newlen;
kdksize = ((sizeof(*kdk) + encryptedkeylen +
More information about the svn-soc-all
mailing list