svn commit: r303650 - head/sys/opencrypto

Conrad Meyer cem at freebsd.org
Tue Aug 2 00:25:10 UTC 2016


That would be difficult, as this is completely dead code in base.  It
could be accessed through the /dev/crypto device by a port, however.
You haven't convinced me there is a security issue.

Cheers,
Conrad

On Mon, Aug 1, 2016 at 4:58 PM, Shawn Webb <shawn.webb at hardenedbsd.org> wrote:
> Adding CTurt to see if he wants to take a stab at writing a PoC exploit.
> It'd be cool for an offensive researcher to determine if it's simply a
> DoS. But regardless, a security fix is a security fix. All
> currently-supported branches really should be updated.
>
> Thanks,
>
> Shawn
>
> On Mon, Aug 01, 2016 at 04:41:02PM -0700, Conrad Meyer wrote:
>> Hey Shawn,
>>
>> I don't think this is security-related despite being a bug in
>> crypto-adjacent code.  At best it's a DoS, I think.
>>
>> Cheers,
>> Conrad
>>
>> On Mon, Aug 1, 2016 at 4:15 PM, Shawn Webb <shawn.webb at hardenedbsd.org> wrote:
>> >
>> > On August 1, 2016 6:57:03 PM EDT, "Conrad E. Meyer" <cem at FreeBSD.org> wrote:
>> >>Author: cem
>> >>Date: Mon Aug  1 22:57:03 2016
>> >>New Revision: 303650
>> >>URL: https://svnweb.freebsd.org/changeset/base/303650
>> >>
>> >>Log:
>> >>  opencrypto AES-ICM: Fix heap corruption typo
>> >>
>> >>  This error looks like it was a simple copy-paste typo in the original
>> >>  commit for this code (r275732).
>> >>
>> >>  PR:          204009
>> >>  Reported by: Chang-Hsien Tsai <luke.tw AT gmail.com>
>> >>  Sponsored by:        EMC / Isilon Storage
>> >
>> > Since cem@ refuses to MFC even security fixes, can someone with a commit bit please MFC this within normal security-related MFC timeframe? Additionally, does a security advisory need to be sent out? CC'ing secteam at .
>> >
>> > Thanks,
>> >
>> > Shawn
>> >
>> > - --
>> > Sent from my Android device with K-9 Mail. Please excuse my brevity.
>> >
>> >
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> GPG Key ID:          0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE


More information about the svn-src-all mailing list