[src/trunk]: src/sys/opencrypto catch some corner cases of user input

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/opencrypto catch some corner cases of user input
From: drochner <drochner%NetBSD.org@localhost>
Date: Mon, 06 Apr 2020 20:30:34 +0000

details:   https://anonhg.NetBSD.org/src/rev/e9a3cb322966
branches:  trunk
changeset: 765384:e9a3cb322966
user:      drochner <drochner%NetBSD.org@localhost>
date:      Tue May 24 19:12:53 2011 +0000

description:
catch some corner cases of user input

diffstat:

 sys/opencrypto/cryptodev.c |  12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)

diffs (42 lines):

diff -r 319549692b38 -r e9a3cb322966 sys/opencrypto/cryptodev.c
--- a/sys/opencrypto/cryptodev.c        Tue May 24 19:10:08 2011 +0000
+++ b/sys/opencrypto/cryptodev.c        Tue May 24 19:12:53 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cryptodev.c,v 1.63 2011/05/24 19:10:09 drochner Exp $ */
+/*     $NetBSD: cryptodev.c,v 1.64 2011/05/24 19:12:53 drochner Exp $ */
 /*     $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $        */
 /*     $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $   */
 
@@ -64,7 +64,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.63 2011/05/24 19:10:09 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.64 2011/05/24 19:12:53 drochner Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -456,7 +456,8 @@
        /* the iov needs to be big enough to handle the uncompressed
         * data.... */
        cse->uio.uio_iov[0].iov_len = iov_len;
-       cse->uio.uio_iov[0].iov_base = kmem_alloc(iov_len, KM_SLEEP);
+       if (iov_len > 0)
+               cse->uio.uio_iov[0].iov_base = kmem_alloc(iov_len, KM_SLEEP);
        cse->uio.uio_resid = cse->uio.uio_iov[0].iov_len;
        DPRINTF(("cryptodev_op[%u]: uio.iov_base %p malloced %d bytes\n",
                CRYPTO_SESID2LID(cse->sid),
@@ -677,9 +678,12 @@
        dst_len = crp->crp_ilen;
        /* let the user know how much data was returned */
        if (crp->crp_olen) {
+               if (crp->crp_olen > (cop->dst_len ? cop->dst_len : cop->len)) {
+                       error = ENOMEM;
+                       goto bail;
+               }
                dst_len = cop->dst_len = crp->crp_olen;
        }
-       crp->len = dst_len;
 
        if (cop->dst) {
                DPRINTF(("cryptodev_op: copyout %d bytes to %p\n", dst_len, cop->dst));

Prev by Date: [src/trunk]: src copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC
Next by Date: [src/trunk]: src/sys/fs/tmpfs - Describe some locking.
Previous by Thread: [src/trunk]: src copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC
Next by Thread: [src/trunk]: src/sys/fs/tmpfs - Describe some locking.
Indexes:

Home | Main Index | Thread Index | Old Index