svn commit: r356561 - head/sys/opencrypto
John Baldwin
jhb at FreeBSD.org
Thu Jan 9 18:30:00 UTC 2020
Author: jhb
Date: Thu Jan 9 18:29:59 2020
New Revision: 356561
URL: https://svnweb.freebsd.org/changeset/base/356561
Log:
Add stricter checking on mac key lengths.
Negative lengths are always invalid. The key length should also
be zero for hash algorithms that do not accept a key.
admbugs: 949
Reported by: Yuval Kanarenstein <yuvalk at ssd-disclosure.com>
Reviewed by: cem
MFC after: 1 week
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D23094
Modified:
head/sys/opencrypto/cryptodev.c
Modified: head/sys/opencrypto/cryptodev.c
==============================================================================
--- head/sys/opencrypto/cryptodev.c Thu Jan 9 18:14:48 2020 (r356560)
+++ head/sys/opencrypto/cryptodev.c Thu Jan 9 18:29:59 2020 (r356561)
@@ -585,8 +585,8 @@ cryptof_ioctl(
if (thash) {
cria.cri_alg = thash->type;
cria.cri_klen = sop->mackeylen * 8;
- if (thash->keysize != 0 &&
- sop->mackeylen > thash->keysize) {
+ if (sop->mackeylen > thash->keysize ||
+ sop->mackeylen < 0) {
CRYPTDEB("invalid mac key length");
error = EINVAL;
SDT_PROBE1(opencrypto, dev, ioctl, error,
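Review bot: the assignment `cria.cri_klen = sop->mackeylen * 8;` still sits above the new check, so a negative or oversized `sop->mackeylen` is multiplied by 8 before it is rejected. The error path makes the stored value unused, but moving the assignment below the validation would keep unvalidated input out of the signed multiply entirely. Placing `sop->mackeylen < 0` first in the condition would also make the rejection of negative lengths independent of how the comparison against `thash->keysize` is evaluated. Finally, dropping the `thash->keysize != 0` guard changes the meaning of a zero `keysize` from "no limit" to "no key accepted", as the log message says; a one-line comment above the `if` stating that would help anyone adding a hash to the table later.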