d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't leak a session and lock if a GMAC key has an invalid length.

Browse Source 
Reviewed by:	delphij (secteam)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D10273
This commit is contained in:
John Baldwin 2017-04-05 01:46:41 +00:00
parent a96da1c3fb
commit 2e2e26d14e
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sys/opencrypto/cryptosoft.c
View File

@ -930,8 +930,11 @@ swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
axf = &auth_hash_nist_gmac_aes_256; axf = &auth_hash_nist_gmac_aes_256;
auth4common: auth4common:
len = cri->cri_klen / 8; len = cri->cri_klen / 8;
if (len != 16 && len != 24 && len != 32) if (len != 16 && len != 24 && len != 32) {
swcr_freesession_locked(dev, i);
rw_runlock(&swcr_sessions_lock);
return EINVAL; return EINVAL;
}
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT); M_NOWAIT);