svn commit: r316510 - head/sys/opencrypto
John Baldwin
jhb at FreeBSD.org
Wed Apr 5 01:46:43 UTC 2017
Author: jhb
Date: Wed Apr 5 01:46:41 2017
New Revision: 316510
URL: https://svnweb.freebsd.org/changeset/base/316510
Log:
Don't leak a session and lock if a GMAC key has an invalid length.
Reviewed by: delphij (secteam)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D10273
Modified:
head/sys/opencrypto/cryptosoft.c
Modified: head/sys/opencrypto/cryptosoft.c
==============================================================================
--- head/sys/opencrypto/cryptosoft.c Wed Apr 5 01:44:03 2017 (r316509)
+++ head/sys/opencrypto/cryptosoft.c Wed Apr 5 01:46:41 2017 (r316510)
@@ -930,8 +930,11 @@ swcr_newsession(device_t dev, u_int32_t
axf = &auth_hash_nist_gmac_aes_256;
auth4common:
len = cri->cri_klen / 8;
- if (len != 16 && len != 24 && len != 32)
+ if (len != 16 && len != 24 && len != 32) {
+ swcr_freesession_locked(dev, i);
+ rw_runlock(&swcr_sessions_lock);
return EINVAL;
+ }
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
More information about the svn-src-all
mailing list